SQL Injection Vulnerability in SourceCodester Best House Rental Management System
CVE-2024-9041

8.8HIGH

Key Information:

Vendor: SourceCodester
Status: Best House Rental Management System
Vendor: CVE Published:; 20 September 2024

Summary

A critical vulnerability identified in SourceCodester's Best House Rental Management System version 1.0 can be exploited via SQL injection through the manipulation of input parameters such as firstname, lastname, and email in the /ajax.php file during account updates. This flaw allows remote attackers to execute arbitrary SQL commands, potentially compromising the integrity and confidentiality of the user data stored in the database. With public disclosure of the exploit, it is vital for users to assess their security posture and implement necessary mitigation measures promptly. Regular updates and patches from the vendor can significantly reduce the risk associated with such vulnerabilities.

References

https://vuldb.com/?id.278212

https://vuldb.com/?ctiid.278212

https://vuldb.com/?submit.411502

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 20, 2024

Collectors

NVD Database