SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the agent parameter.
https://www.exploit-db.com/exploits/3001
http://www.vupen.com/english/advisories/2006/5179
http://secunia.com/advisories/23506
Source: Mitre, NVD
Published: 2006-12-28
Updated: 2026-06-16
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: High
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: Critical
EPSS: 0.00321