Aggregates CVE and security vulnerability intelligence across all open-realty-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk path handling and vendor risk sql injection, with potential vendor impact file overwrite across vendor surface production workloads and vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2012-1112 | Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter to index.php. | [email protected] | 6.8 | 8.89% | 2012-09-06 | 2026-04-29 |
| CVE-2011-3765 | Open-Realty 2.5.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/versions/upgrade_115.inc.php and certain other files. | [email protected] | 5.0 | 0.32% | 2011-09-24 | 2026-04-29 |
| CVE-2007-5056 | Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter. | [email protected] | 6.8 | 82.07% | 2007-09-24 | 2026-04-23 |
| CVE-2007-0490 | index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action. | [email protected] | 5.0 | 0.27% | 2007-01-25 | 2026-04-23 |
| CVE-2006-3148 | SQL injection vulnerability, possibly in search.inc.php, in Open-Realty 2.3.1 allows remote attackers to execute arbitrary SQL commands via the sorttype parameter to index.php. | [email protected] | 7.5 | 0.78% | 2006-06-22 | 2026-04-16 |