CVE-2015-20120 HIGH

CVE-2015-20120: RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection

Vendor Next Click Ventures

Product RealtyScript

Weakness CWE-89 · SQLi

Published March 15, 2026

Last update March 16, 2026

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database contents character by character based on response timing differences.

Key dates

02Disclosure timeline

March 15, 2026 CVE published

March 16, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2015-20120 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

CVE-2015-20120: RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection

01Description

02Disclosure timeline

03References

04Related CVE