Home / Vulnerability Intelligence / CVE-2015-20121

CVE-2015-20121 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 16, 2026

Published: March 16, 2026Updated: March 16, 2026Remote Exploitable

Overview

Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'u_id' in /admin/users.php and the POST parameter 'agent[]' in /admin/mailer.php. Attackers can exploit time-based blind SQL injection techniques to extract sensitive database information or cause denial of service through sleep-based payloads.

Severity & Score

Severity: High

CVSS Score: 8.2

References

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5270.php
https://www.exploit-db.com/exploits/38497
https://www.vulncheck.com/advisories/realtyscript-sql-injection-via-u-id-and-agent-parameters

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2015-20121
Severity: High
CVSS Score: 8.2
Status: unconfirmed

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N