PT-2024-33153 · Unknown · Best House Rental Management System Project In Php

Published: 2024-10-25 · Updated: 2024-10-28 · CVE-2024-48579

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Best House rental management system project in php version 1.0

Description

The issue allows a remote attacker to execute arbitrary code via the username parameter of the "login request" API endpoint. This enables the attacker to inject malicious SQL code, potentially leading to unauthorized access or data manipulation.

Recommendations

For version 1.0, consider validating and sanitizing the username parameter to prevent SQL injection attacks. As a temporary workaround, restrict access to the login functionality until a proper fix is implemented.
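
One way to apply the recommendation above, as an added example that is not the project's own code: the username is validated against an allowlist and then passed to the database as a bound parameter, so it is never part of the SQL text. The `users` table, its columns, the `login()` function and the in-memory SQLite database are assumptions made for illustration; it needs PHP 8 with `pdo_sqlite`.

```php
<?php
// Added example: hypothetical schema and function names, not the project's code.
declare(strict_types=1);

// Constructed in-memory database (stand-in for the application's real one)
// so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$ins = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

// Weak pattern (shown only as a comment): request data concatenated into the
// SQL text, so the username can change the structure of the statement.
//   $sql = "SELECT * FROM users WHERE username = '" . $_POST['username'] . "'";

function login(PDO $pdo, mixed $username, mixed $password): ?int
{
    // Validation: reject non-string input (e.g. array-typed request parameters)
    // and anything outside a narrow allowlist of characters and length.
    if (!is_string($username) || !is_string($password)) {
        return null;
    }
    if (preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $username) !== 1) {
        return null;
    }

    // Bound parameter: the value travels separately from the SQL text.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same null result for an unknown user and a wrong password.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

var_dump(login($pdo, 'admin', 'constructed-sample-password')); // valid credentials
var_dump(login($pdo, "o'neil", 'x'));   // username containing a quote character
var_dump(login($pdo, ['admin'], 'x'));  // array-typed username parameter
```

The allowlist is defence in depth; the bound parameter is what keeps the username out of the query structure, so it should stay in place even if the validation rule is later relaxed.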

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2024-48579

Affected Products

Best House Rental Management System Project In Php