Which versions of Inout RealEstate are affected by CVE-2019-25479?

An unauthenticated SQL injection vulnerability in Inout RealEstate allows attackers to directly manipulate the database without requiring credentials, potentially exposing or modifying sensitive…

Is there a public PoC exploit available for CVE-2019-25479?

Yes, a public proof-of-concept exploit is available for CVE-2019-25479. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2019-25479?

Within 24 hours: Identify all instances of Inout RealEstate in production and assess whether they handle sensitive data; implement WAF rules to block SQL injection patterns in the city parameter; restrict network access to the application where possible. Within 7 days: Conduct a forensic audit of database access logs to identify any exploitation attempts; implement input validation and parameterized queries as a code-level workaround if feasible; establish enhanced monitoring on database query activity. Within 30 days: Engage vendor support to obtain a security patch or timeline; plan for immediate deployment once available; consider migration to alternative solutions if vendor support is unavailable.

Inout RealEstate CVE-2019-25479

Q: What is the CVSS score of CVE-2019-25479?

CVE-2019-25479 has a CVSS 4.0 base score of 8.8 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

HIGH

SQL Injection (CWE-89)

2026-03-12 disclosure@vulncheck.com

SQLi

8.8

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 15, 2026 - 15:22 NVD

8.2 (HIGH) 8.8 (HIGH)

PoC Detected

Mar 12, 2026 - 21:07 vuln.today

Public exploit code

Analysis Generated

Mar 12, 2026 - 19:57 vuln.today

CVE Published

Mar 12, 2026 - 16:16 nvd

HIGH 8.2

DescriptionNVD

Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. Attackers can send POST requests to the agents/agentlistdetails endpoint with malicious SQL payloads in the city parameter to extract sensitive database information.

AnalysisAI

Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. [CVSS 8.2 HIGH]

Technical ContextAI

Classified as CWE-89 (SQL Injection). Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. Attackers can send POST requests to the agents/agentlistdetails endpoint with malicious SQL payloads in the city parameter to extract sensitive database information.

Affected ProductsAI

Component: city.

RemediationAI

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

CVE-2019-25479 vulnerability details – vuln.today

Back

Inout RealEstate CVE-2019-25479

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

Inout RealEstate CVE-2019-25479

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code