PT-2017-14345 · Vastal · Agent Zone

Ihsan Sencan +1 · Published 2017-10-31 · Updated 2017-11-18 · CVE-2017-15991

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property type, city, or posted by parameter, or searchResidential.php via the property type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982.

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2017-15991

Affected Products

Agent Zone