Vulnerabilities > CVE-2006-3148 - SQL Injection vulnerability in Open-Realty 2.3.1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
open-realty

Summary

SQL injection vulnerability, possibly in search.inc.php, in Open-Realty 2.3.1 allows remote attackers to execute arbitrary SQL commands via the sorttype parameter to index.php.

Vulnerable Configurations

Part Description Count
Application
Open-Realty
1