CVE-2015-20121
RealtyScript 4.0.2 SQL Injection via u_id and agent Parameters
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
15 Mar 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'u_id' in /admin/users.php and the POST parameter 'agent[]' in /admin/mailer.php. Attackers can exploit time-based blind SQL injection techniques to extract sensitive database information or cause denial of service through sleep-based payloads.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
Next Click Ventures · RealtyScripts