SQL Injection Vulnerability in SourceCodester Best House Rental Management System
CVE-2024-10349
Key Information:
- Vendor
Sourcecodester
- Vendor
- CVE Published:
- 24 October 2024
Badges
What is CVE-2024-10349?
A severe SQL injection vulnerability exists in the SourceCodester Best House Rental Management System version 1.0, particularly within the delete_tenant function of the ajax.php file. By manipulating the 'id' parameter, an unauthorized user can execute arbitrary SQL queries, compromising the database and allowing for potential unauthorized data access or modification. This vulnerability is remote exploitable, meaning attackers do not need physical access to the target system to exploit this flaw. The public disclosure of this vulnerability has raised concerns as it makes the application susceptible to exploitation by hackers. It is crucial for users of this system to apply updates or necessary mitigations promptly to safeguard against possible attacks.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Best House Rental Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved