CVE-2010-4782 Information

Description

Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city (2) state (3) country (4) minprice (5) maxprice (6) bed and (7) bath parameters different vectors than CVE-2006-6807.

Reference

http://packetstormsecurity.org/files/view/96305/anandarealestate-sql.txt http://secunia.com/advisories/23506 http://securityreason.com/securityalert/8185 http://www.exploit-db.com/exploits/15661 http://www.securityfocus.com/bid/45146