PT-2024-17814 · Codeastro · Codeastro House Rental Management System

Wind-Liberty · Published 2024-12-26 · Updated 2024-12-31 · CVE-2024-12943

CVSS v3.1

9.8 Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CodeAstro House Rental Management System version 1.0

Description

A critical issue has been found in the CodeAstro House Rental Management System. The problem affects an unknown functionality of the file /ownersignup.php. Manipulation of the argument f/e/p/m/o/n/c/s/ci/a can lead to SQL injection. This issue can be exploited remotely. Although the initial advisory only mentions the parameter m as being affected, it is assumed that many other parameters are also vulnerable. The exploit for this issue has been made public.

Recommendations

For CodeAstro House Rental Management System version 1.0, as a temporary workaround, consider restricting access to the /ownersignup.php file until a patch is available. Additionally, avoid using the parameters f, e, p, m, o, n, c, s, ci, and a in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-12943

Affected Products

Codeastro House Rental Management System