SQL Injection Vulnerability in Advanced Real Estate Script by AdvancedScript
CVE-2017-17603

9.8CRITICAL

Key Information:

Vendor: Advanced Real Estate Script Project
Status: Advanced Real Estate Script
Vendor: CVE Published:; 13 December 2017

🔔 Create Advanced Real Estate Script Project Vulnerability Alert

What is CVE-2017-17603?

The Advanced Real Estate Script version 4.0.7 is susceptible to SQL Injection attacks through multiple parameters including Projectmain, proj_type, searchtext, sell_price, or maxprice within the search-results.php file. This vulnerability could allow an attacker to manipulate SQL queries by injecting malicious code, potentially leading to unauthorized data access and other severe consequences. It is critical that users update to patched versions to mitigate this security risk.

References

https://www.exploit-db.com/exploits/43304/

exploitx_refsource_EXPLOIT-DB

https://packetstormsecurity.com/files/145345/Advanced-Rea...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2017
Vulnerability Reserved
Dec 13, 2017

CVE-2017-17603 Data

JSON