PT-2024-6563 · Campcodes · Campcodes House Rental Management System
Ssl_Seven
Published: 2024-03-26 · Updated: 2025-02-20
CVE-2024-2916
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Campcodes House Rental Management System version 1.0
Description:
Campcodes House Rental Management System does not protect the structure of its SQL queries against attacker-supplied input. Manipulation of the username argument in the file ajax.php leads to SQL injection, which allows a remote attacker to execute arbitrary SQL queries. The exploit has been disclosed to the public and may be used. The attack can be launched remotely.
Recommendations:
For Campcodes House Rental Management System version 1.0, consider disabling the ajax.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the username argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
SQL injection
Affected Products
Campcodes House Rental Management System