Best House Rental Management System
Monthly
SQL injection in SourceCodester Best House Rental Management System 1.0 allows high-privilege remote attackers to manipulate the house_no parameter in the save_house function of /admin_class.php, achieving limited confidentiality and integrity impact. Publicly available exploit code exists but exploitation requires administrative credentials (PR:H), significantly restricting real-world attack surface despite the CVSS 4.0 network vector.
A vulnerability was found in SourceCodester Best House Rental Management System 1.0. This impacts the function login2 of the file /admin_class.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
SQL injection in SourceCodester Best House Rental Management System 1.0 allows high-privilege remote attackers to manipulate the house_no parameter in the save_house function of /admin_class.php, achieving limited confidentiality and integrity impact. Publicly available exploit code exists but exploitation requires administrative credentials (PR:H), significantly restricting real-world attack surface despite the CVSS 4.0 network vector.
A vulnerability was found in SourceCodester Best House Rental Management System 1.0. This impacts the function login2 of the file /admin_class.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.