SQL Injection Vulnerability in SourceCodester Best House Rental Management System
CVE-2024-9039

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Best House Rental Management System
Vendor: CVE Published:; 20 September 2024

Summary

A critical security vulnerability has been identified in SourceCodester Best House Rental Management System 1.0, specifically within the /ajax.php file's signup functionality. This vulnerability arises due to improper handling of user input, allowing attackers to exploit SQL injection by manipulating parameters such as firstname, lastname, and email. Given that the attack can be executed remotely, it poses a significant risk to users of this application. As it has been publicly disclosed, immediate action should be taken to mitigate potential exploitation by implementing necessary security patches and validating user inputs thoroughly.

References

https://vuldb.com/?id.278210

https://vuldb.com/?ctiid.278210

https://vuldb.com/?submit.411471

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 20, 2024

Collectors

NVD Database