VULHUB ™

t0pP8uZz &amp; xprog have reported a vulnerability in PHP Real Estate Classifieds, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the &quot;id&quot; parameter in fullnews.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows e.g. retrieving administrator usernames and passwords. PHP Real Estate Apply the vendor's official patch: <a href=http://phprealestatescript.com/PHPREC-121707-646PM-PATCH.zip target=_blank>http://phprealestatescript.com/PHPREC-121707-646PM-PATCH.zip</a>

t0pP8uZz &amp; xprog have reported a vulnerability in PHP Real Estate Classifieds, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the &quot;id&quot; parameter in fullnews.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows e.g. retrieving administrator usernames and passwords. PHP Real Estate Apply the vendor's official patch: <a href=http://phprealestatescript.com/PHPREC-121707-646PM-PATCH.zip target=_blank>http://phprealestatescript.com/PHPREC-121707-646PM-PATCH.zip</a>