Vulnerabilities > Preprojects > PRE Real Estate Listings
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-08-24 | CVE-2008-7052 | Improper Input Validation vulnerability in Preprojects PRE Real Estate Listings Unrestricted file upload vulnerability in profile.php in Pre Projects Pre Real Estate Listings allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/. | 6.5 |
| 2009-05-07 | CVE-2008-6798 | SQL Injection vulnerability in Preprojects PRE Real Estate Listings Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the Username field) or (2) the ps parameter (aka the Password field). | 7.5 |
| 2009-05-07 | CVE-2008-6796 | SQL Injection vulnerability in Preprojects PRE Real Estate Listings SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field). | 7.5 |
| 2008-09-23 | CVE-2008-4177 | SQL Injection vulnerability in Preprojects PRE Real Estate Listings SQL injection vulnerability in search.php in Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the c parameter. | 7.5 |