CVE-2015-20121
SQL Injection in RealtyScript 4.0.2 Enables Data Theft
Publication date: 2026-03-16
Last updated on: 2026-03-18
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nextclickventures | realtyscript | 4.0.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2015-20121 affects RealtyScript version 4.0.2 and involves SQL injection vulnerabilities in two parameters: the GET parameter "u_id" in the file /admin/users.php and the POST parameter "agent[]" in /admin/mailer.php.'}, {'type': 'paragraph', 'content': 'These vulnerabilities allow unauthenticated attackers to inject arbitrary SQL code, enabling manipulation of database queries.'}, {'type': 'paragraph', 'content': 'Exploitation can be performed using time-based blind SQL injection techniques, which can be used to extract sensitive information from the database or cause denial of service by leveraging sleep-based payloads.'}] [1]
How can this vulnerability impact me? :
This vulnerability can allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code.
Attackers can exploit this to extract sensitive information from the database, potentially exposing confidential data.
Additionally, attackers can cause denial of service by using sleep-based payloads, which can disrupt the availability of the affected application.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "The vulnerability involves SQL injection through the GET parameter 'u_id' in /admin/users.php and the POST parameter 'agent[]' in /admin/mailer.php. Detection can be performed by testing these parameters for SQL injection using time-based blind SQL injection techniques."}, {'type': 'paragraph', 'content': 'For example, you can use curl commands to send payloads that cause delays if the injection is successful, such as adding sleep-based payloads to the parameters and measuring response times.'}, {'type': 'list_item', 'content': 'Test GET parameter \'u_id\' with a payload like: curl -i "http://target/admin/users.php?u_id=1\' AND IF(SLEEP(5),1,0)-- "'}, {'type': 'list_item', 'content': 'Test POST parameter \'agent[]\' with a payload like: curl -i -X POST -d "agent[]=1\' AND IF(SLEEP(5),1,0)-- " http://target/admin/mailer.php'}, {'type': 'paragraph', 'content': 'If the response is delayed by the sleep time, it indicates the presence of a time-based blind SQL injection vulnerability.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Immediate mitigation steps include restricting access to the vulnerable endpoints (/admin/users.php and /admin/mailer.php) to trusted users only, such as by implementing IP whitelisting or authentication.'}, {'type': 'paragraph', 'content': "Additionally, input validation and sanitization should be applied to the 'u_id' GET parameter and the 'agent[]' POST parameter to prevent injection of arbitrary SQL code."}, {'type': 'paragraph', 'content': 'If possible, update or patch RealtyScript to a version that addresses these SQL injection vulnerabilities.'}] [1]