Unrated severityNVD Advisory· Published Mar 15, 2026· Updated Mar 16, 2026
RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection
CVE-2015-20120
Description
Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database contents character by character based on response timing differences.
Affected products
2- Range: =4.0.2
- Next Click Ventures/RealtyScriptv5Range: 4.0.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.exploit-db.com/exploits/38497mitreexploit
- www.vulncheck.com/advisories/realtyscript-multiple-time-based-blind-sql-injectionmitrethird-party-advisory
- www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5270.phpmitrethird-party-advisory
News mentions
0No linked articles in our index yet.