CVE-2024-2916

Name of the Vulnerable Software and Affected Versions: Campcodes House Rental Management System version 1.0

Description: The issue is related to a lack of protection against SQL query structure exploitation in the Campcodes House Rental Management System. This allows a remote attacker to execute arbitrary SQL queries. The manipulation of the

username

argument in the file

ajax.php

leads to SQL injection. The exploit has been disclosed to the public and may be used. The attack can be launched remotely.

Recommendations: For Campcodes House Rental Management System version 1.0, consider disabling the

ajax.php

file or restricting access to it until a patch is available. As a temporary workaround, avoid using the

username

argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.