Vulnerability Details : CVE-2010-4738
Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System.
Vulnerability category: SQL Injection
Exploit prediction scoring system (EPSS) score for CVE-2010-4738
Probability of exploitation activity in the next 30 days: 0.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 47 %
CVSS scores for CVE-2010-4738
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2010-4738
- The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4738
- http://www.securityfocus.com/bid/45211
  Real Estate Single 'resulttype.asp' SQL Injection Vulnerability (Exploit)
- http://securityreason.com/securityalert/8088
  Rae Media Real Estate Multi Agent SQL Injection Vulnerability - CXSecurity.com
- http://packetstormsecurity.org/files/view/96389/raemediaincresmas-sql.txt
  Rae Media INC Real Estate Single and Multi Agent System SQL Injection ≈ Packet Storm (Exploit)
- http://www.securityfocus.com/bid/45212
  Multi Agent System 'city.asp' SQL Injection Vulnerability (Exploit)
- http://securityreason.com/securityalert/8082
  Rae Media INC Real Estate Single and Multi Agent System SQL Injection - CXSecurity.com
- http://securityreason.com/securityalert/8080
  Rae Media Real Estate Single Agent SQL Injection Vulnerability - CXSecurity.com
Products affected by CVE-2010-4738
- cpe:2.3:a:raemedia:real_estate_single_and_multi_agent_system:3.0:*:*:*:*:*:*:*