RSS   Vulnerabilities for 'Sg real estate portal'   RSS

2009-01-30
 
CVE-2008-6011

CWE-89
 

 
SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.

 
 
CVE-2008-6010

CWE-22
 

 
Multiple directory traversal vulnerabilities in SG Real Estate Portal 2.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod, (2) page, or (3) lang parameter to index.php; or the (4) action or (5) folder parameter in a security request to admin/index.php.

 
 
CVE-2008-6009

CWE-287
 

 
SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to 1.

 


Copyright 2024, cxsecurity.com

 

Back to Top