Cross-Site Request Forgery Vulnerability in SourceCodester Best House Rental Management System
CVE-2024-40476

8HIGH

Key Information:

Vendor: Mayurik
Status: Best House Rental Management
Vendor: CVE Published:; 12 August 2024

What is CVE-2024-40476?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Best House Rental Management System v1.0 from SourceCodester. This vulnerability allows an attacker to create a malicious HTML page that can trick the system administrator into performing actions on tenant data, including adding, modifying, or deleting valid tenant records. Evidence of exploitation is demonstrated in actions such as the Delete Tenant operation executed through the /rental/ajax.php endpoint. This situation creates significant risks regarding data integrity and access control for users of the affected application.

References

https://www.sourcecodester.com/php/17375/best-courier-man...

https://github.com/takekaramey/CVE_Writeup/blob/main/Sour...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2024
Vulnerability Reserved
Jul 5, 2024

Mayurik

What is CVE-2024-40476?

References

CVSS V3.1

Timeline