PT-2025-43868 · Sourcecodester · Best House Rental Management System

K1Nako · Published 2025-10-27 · Updated 2025-10-28 · CVE-2025-12208

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SourceCodester Best House Rental Management System version 1.0

Description

A flaw exists in SourceCodester Best House Rental Management System 1.0 that allows for remote SQL injection. The issue is located within the login2 function of the /admin class.php file. Manipulation of the Username argument can lead to a successful exploit. The exploit has been publicly released.

Recommendations

Apply a fix to the login2 function in the /admin class.php file to prevent manipulation of the Username argument.

Exploit

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2025-12208

Affected Products: Best House Rental Management System