Qi_Nice

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best House Rental Management System version 1.0 **Description** A weakness exists in the software that allows for SQL injection. The issue is located in the `delete payment` function within the `/admin class.php` file. Manipulation of the `ID` argument can trigger the SQL injection. The attack can be carried out remotely, and an exploit is publicly available. **Recommendations** Versions prior to 1.0 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best House Rental Management System version 1.0 **Description** A flaw exists in the software that allows for remote SQL injection. The issue is located in the `save category` function within the `/admin class.php` file. Manipulation of the `Name` argument can lead to a successful exploit. The exploit is publicly available. **Recommendations** Apply a fix to the `save category` function in the `/admin class.php` file to prevent manipulation of the `Name` argument.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Best House Rental Management System version 1.0 **Description** A flaw exists in the software that allows for SQL injection. The issue is located in the `save tenant` function within the `/admin class.php` file. Manipulation of the `firstname` argument can lead to a successful attack, which can be launched remotely. The exploit for this issue has been published. Other parameters may also be affected. **Recommendations** Versions prior to 1.0 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.