CVE-2012-5290

Name of the Vulnerable Software and Affected Versions EasyWebRealEstate (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the lstid parameter to "listings.php" or the infoid parameter to "index.php".

Recommendations For all affected versions, consider restricting access to the "listings.php" and "index.php" scripts until a patch is available. As a temporary workaround, avoid using the lstid and infoid parameters in the affected API endpoints until the issue is resolved.