CVE-2007-6472

Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistings.php. NOTE: some of these details are obtained from third party information.

Published: Dec 20, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-6472
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
phpmyrealty / phpmyrealty	1.0.9	1.0.9.x

http://secunia.com/advisories/28155
http://www.osvdb.org/39267
http://www.securityfocus.com/bid/26932
https://exchange.xforce.ibmcloud.com/vulnerabilities/39121
https://exchange.xforce.ibmcloud.com/vulnerabilities/39122
https://www.exploit-db.com/exploits/4750

Vulnerability Database

291,049

CVE-2007-6472