Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php.
Software | From | Fixed in |
---|---|---|
phpmyrealty / phpmyrealty | - | 1.0.9.x |
phpmyrealty / phpmyrealty | 1.0 | 1.0.x |
phpmyrealty / phpmyrealty | 1.0.1 | 1.0.1.x |
phpmyrealty / phpmyrealty | 1.0.2 | 1.0.2.x |
phpmyrealty / phpmyrealty | 1.0.3 | 1.0.3.x |
phpmyrealty / phpmyrealty | 1.0.4 | 1.0.4.x |
phpmyrealty / phpmyrealty | 1.0.5 | 1.0.5.x |
phpmyrealty / phpmyrealty | 1.0.6 | 1.0.6.x |
phpmyrealty / phpmyrealty | 1.0.7 | 1.0.7.x |
phpmyrealty / phpmyrealty | 1.0.8 | 1.0.8.x |