SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the ann_id parameter.
https://www.exploit-db.com/exploits/6371
https://exchange.xforce.ibmcloud.com/vulnerabilities/44945