SQL Injection Vulnerability in Simple Real Estate Portal System by Oretnom23
CVE-2022-28411

9.8CRITICAL

Key Information:

Vendor: Simple Real Estate Portal System Portal
Status: Simple Real Estate Portal System
Vendor: CVE Published:; 21 April 2022

🔔 Create Simple Real Estate Portal System Portal Vulnerability Alert

What is CVE-2022-28411?

The Simple Real Estate Portal System version 1.0 is susceptible to SQL injection attacks through the parameterized URL /reps/admin/?page=agents/manage_agent. An attacker can exploit this vulnerability to manipulate SQL queries, potentially gaining unauthorized access to sensitive data in the database. It's crucial for users of this application to implement immediate patches and security measures to mitigate the risk of exploitation.

References

https://github.com/k0xx11/bug_report/blob/main/vendors/or...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2022
Vulnerability Reserved
Apr 4, 2022

CVE-2022-28411 Data

JSON