PT-2024-39189 · Sourcecodester · Sourcecodester Best House Rental Management System

Gaorenyusi · Published 2024-09-11 · Updated 2024-09-16 · CVE-2024-8709

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SourceCodester Best House Rental Management System version 1.0
Description: A critical vulnerability has been found in the system. The issue affects the function delete user/save user of the file /admin class.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Recommendations: For SourceCodester Best House Rental Management System version 1.0, consider disabling the delete user/save user function in the /admin class.php file until a patch is available. Restrict access to the id argument to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2024-8709

Affected Products: Sourcecodester Best House Rental Management System