SQL Injection Vulnerability in Advanced Real Estate Script by PHP Scripts Mall
CVE-2019-20337

7.2HIGH

Key Information:

Vendor

Advanced Real Estate Script Project

Status
Advanced Real Estate Script
Vendor
CVE Published:
5 January 2020

What is CVE-2019-20337?

The Advanced Real Estate Script version 4.0.9 by PHP Scripts Mall contains a SQL Injection vulnerability in the news_edit.php file, where the news_id parameter is improperly validated. This flaw allows attackers to manipulate SQL queries, potentially gaining unauthorized access to sensitive data or compromising the application's integrity.

References

https://github.com/Mad-robot/CVE-List/blob/master/Advance...
x_refsource_MISC

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.