CVE-2005-4018 Information

Description

SQL injection vulnerability in ls.php in Landshop Real Estate Commerce System 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) start (2) search_order (3) search_type (4) search_area and (5) keyword parameters.

Reference

http://pridels0.blogspot.com/2005/12/landshop-real-estate-commerce-system.html http://secunia.com/advisories/17843 http://www.osvdb.org/21433 http://www.securityfocus.com/bid/15709 http://www.vupen.com/english/advisories/2005/2724