216.73.217.98

CVE-2015-20120

· Published 16/03/2026 14:17 · Modified 16/03/2026 14:53

Labels: CVE-2015-20120 2026-03-16CVE-2015-20120CWE-89[email protected]

Essential information

Published
16/03/2026 14:17
Modified
16/03/2026 14:53
Author
Creator
CVSS
8.8 HIGH (v3) 8.8 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database contents character by character based on response timing differences.

NVD status

Status
Undergoing Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
next click ventures / realtyscript cpe:2.3:a:next_click_ventures:realtyscript:4.0.2:*:*:*:*:*:*:*

References