Key Information Vulnerability Name: Pre Real Estate Listings (search.php c) SQL Injection Vulnerability Date: 2008.09.27 Risk Level: High Remote Access: Yes CVE: CVE-2008-4177 CVE Vulnerability Type: CWE-89 CVSS Base Score: 7.5/10 Exploit Scope: Remote Confidentiality Impact: Partial Attack Complexity: Low Integrity Impact: Partial Exploitability Score: 10/10 Authentication Required: No Availability Impact: Partial URL: http://preproject.com/ Proof of Concept (PoC): References: - http://www.securityfocus.com/bid/31192 - http://www.milw0rm.com/exploits/6465 Additional Information Author: JosS Author Email: sys-project[at]hotmail[dot]com Website: http://spanish-hackers.com Team: Spanish Hackers Team - [SHT]