Cross-Site Request Forgery Vulnerability in SourceCodester Best House Rental Management System
CVE-2024-40476

8HIGH

Key Information:

Vendor: Mayurik
Status: Best House Rental Management
Vendor: CVE Published:; 12 August 2024

What is CVE-2024-40476?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Best House Rental Management System v1.0 from SourceCodester. This vulnerability allows an attacker to create a malicious HTML page that can trick the system administrator into performing actions on tenant data, including adding, modifying, or deleting valid tenant records. Evidence of exploitation is demonstrated in actions such as the Delete Tenant operation executed through the /rental/ajax.php endpoint. This situation creates significant risks regarding data integrity and access control for users of the affected application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.sourcecodester.com/php/17375/best-courier-man...

https://github.com/takekaramey/CVE_Writeup/blob/main/Sour...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 12, 2024
Vulnerability Reserved
Jul 5, 2024

JSON

Mayurik

What is CVE-2024-40476?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.