cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12357,https://securityvulnerability.io/vulnerability/CVE-2024-12357,File Inclusion Vulnerability in SourceCodester Best House Rental Management System,"CVE-2024-12357 identifies a significant file inclusion vulnerability in the SourceCodester Best House Rental Management System version 1.0. The flaw resides in the manipulation of the 'page' argument in the 'index.php' file, which permits attackers to include arbitrary files on the server. This vulnerability can be exploited remotely, leading to potential unauthorized access to sensitive files and critical system information. It has been publicly disclosed, raising concerns about the exposure of affected systems.",Sourcecodester,Best House Rental Management System,5.3,MEDIUM,0.0005200000014156103,false,false,false,true,true,false,false,2024-12-09T04:31:09.257Z,0
CVE-2024-11860,https://securityvulnerability.io/vulnerability/CVE-2024-11860,Improper Authorization Found in SourceCodester Best House Rental Management System,"CVE-2024-11860 is a critical security vulnerability identified in the SourceCodester Best House Rental Management System version 1.0. The flaw resides in the POST request handler, specifically at the file /rental/ajax.php, where it manipulates the 'id' argument leading to improper authorization of tenant deletion actions. This vulnerability can be exploited remotely, allowing unauthorized users to delete tenant records without sufficient permissions. The exploit for this vulnerability has been publicly disclosed, emphasizing the urgent need for affected users to implement security measures or patches to protect their systems.",Sourcecodester,Best House Rental Management System,6.5,MEDIUM,0.0005300000193528831,false,false,false,true,true,false,false,2024-11-27T16:31:05.325Z,0
CVE-2024-11743,https://securityvulnerability.io/vulnerability/CVE-2024-11743,Cross-Site Request Forgery Vulnerability in SourceCodester Best House Rental Management System,"CVE-2024-11743 pertains to a significant vulnerability found in the SourceCodester Best House Rental Management System 1.0. This issue arises from a flaw in the /rental/ajax.php?action=delete_user function, specifically within the POST Request Handler component. The vulnerability can be exploited through cross-site request forgery (CSRF), allowing attackers to perform unauthorized actions on behalf of authenticated users. This poses a considerable risk as it can be executed remotely, making it imperative for users and administrators to implement countermeasures swiftly following the disclosure of the exploit.",Sourcecodester,Best House Rental Management System,4.3,MEDIUM,0.0005200000014156103,false,false,false,true,true,false,false,2024-11-26T20:00:16.395Z,0
CVE-2024-11742,https://securityvulnerability.io/vulnerability/CVE-2024-11742,Cross-Site Scripting Vulnerability in SourceCodester Rental Management System,"CVE-2024-11742 is a high-risk cross-site scripting (XSS) vulnerability found in SourceCodester's Best House Rental Management System version 1.0. The vulnerability is triggered through insufficient input validation in the '/rental/ajax.php?action=save_tenant' endpoint. Specifically, parameters such as 'lastname', 'firstname', and 'middlename' can be manipulated to inject malicious scripts. This allows attackers to execute arbitrary JavaScript in the user’s browser session, potentially leading to unauthorized access to sensitive data. The issue can be exploited remotely, making it critical for any users of the application to apply appropriate security measures and updates.",Sourcecodester,Best House Rental Management System,5.4,MEDIUM,0.0006600000197067857,false,false,false,true,true,false,false,2024-11-26T20:00:13.454Z,0
CVE-2024-10349,https://securityvulnerability.io/vulnerability/CVE-2024-10349,SQL Injection Vulnerability in SourceCodester Best House Rental Management System,"A severe SQL injection vulnerability exists in the SourceCodester Best House Rental Management System version 1.0, particularly within the delete_tenant function of the ajax.php file. By manipulating the 'id' parameter, an unauthorized user can execute arbitrary SQL queries, compromising the database and allowing for potential unauthorized data access or modification. This vulnerability is remotely exploitable, meaning attackers do not need physical access to the target system to exploit this flaw. The public disclosure of this vulnerability has raised concerns as it makes the application susceptible to exploitation by hackers. It is crucial for users of this system to apply updates or necessary mitigations promptly to safeguard against possible attacks.",Sourcecodester,Best House Rental Management System,9.8,CRITICAL,0.0006300000241026282,false,false,false,true,true,false,false,2024-10-24T22:00:09.097Z,0
CVE-2024-10348,https://securityvulnerability.io/vulnerability/CVE-2024-10348,Cross Site Scripting Vulnerability Found in Best House Rental Management System,"A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=tenants of the component Manage Tenant Details. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only shows the field ""Last Name"" to be affected. Other fields might be affected as well.",Sourcecodester,Best House Rental Management System,5.4,MEDIUM,0.0006600000197067857,false,false,false,true,true,false,false,2024-10-24T22:00:06.522Z,0
CVE-2024-9041,https://securityvulnerability.io/vulnerability/CVE-2024-9041,SQL Injection Vulnerability in SourceCodester Best House Rental Management System,"A critical vulnerability identified in SourceCodester's Best House Rental Management System version 1.0 can be exploited via SQL injection through the manipulation of input parameters such as firstname, lastname, and email in the /ajax.php file during account updates. This flaw allows remote attackers to execute arbitrary SQL commands, potentially compromising the integrity and confidentiality of the user data stored in the database. With public disclosure of the exploit, it is vital for users to assess their security posture and implement necessary mitigation measures promptly. Regular updates and patches from the vendor can significantly reduce the risk associated with such vulnerabilities.",SourceCodester,Best House Rental Management System,8.8,HIGH,0.00171999994199723,false,false,false,false,,false,false,2024-09-20T17:15:00.000Z,0
CVE-2024-9039,https://securityvulnerability.io/vulnerability/CVE-2024-9039,SQL Injection Vulnerability in SourceCodester Best House Rental Management System,"A critical security vulnerability has been identified in SourceCodester Best House Rental Management System 1.0, specifically within the /ajax.php file's signup functionality. This vulnerability arises due to improper handling of user input, allowing attackers to exploit SQL injection by manipulating parameters such as firstname, lastname, and email. Given that the attack can be executed remotely, it poses a significant risk to users of this application. As it has been publicly disclosed, immediate action should be taken to mitigate potential exploitation by implementing necessary security patches and validating user inputs thoroughly.",SourceCodester,Best House Rental Management System,9.8,CRITICAL,0.0016499999910593033,false,false,false,false,,false,false,2024-09-20T16:15:00.000Z,0
CVE-2024-9033,https://securityvulnerability.io/vulnerability/CVE-2024-9033,Cross Site Scripting Vulnerability in House Rental Management System,"The SourceCodester Best House Rental Management System version 1.0 is affected by a cross-site scripting (XSS) vulnerability that exists in the file /ajax.php, specifically in the functionality triggered by 'action=save_category'. This flaw allows an attacker to manipulate the argument 'name', which can lead to the execution of malicious scripts in the context of the victim's browser. The exploit can be conducted remotely, meaning that attackers do not need physical access to the affected system to initiate the attack. With the vulnerability now publicly disclosed, the potential for exploitation increases, making timely patching essential for users of this management system.",SourceCodester,Best House Rental Management System,5.4,MEDIUM,0.0007600000244565308,false,false,false,false,,false,false,2024-09-20T15:15:00.000Z,0
CVE-2024-8709,https://securityvulnerability.io/vulnerability/CVE-2024-8709,SQL Injection Vulnerability in SourceCodester Best House Rental Management System,"A critical security flaw has been identified in the Best House Rental Management System version 1.0, which allows for SQL injection through the 'delete_user/save_user' function in the '/admin_class.php' file. This vulnerability arises from improper handling of the 'id' argument, enabling remote attackers to execute arbitrary SQL commands. Such exploitation may lead to unauthorized data access or manipulation. It is essential for users of this software to take immediate action to secure their systems against potential threats stemming from this newly disclosed exploit.",Sourcecodester,Best House Rental Management System,8.8,HIGH,0.0011399999493733048,false,false,false,true,true,false,false,2024-09-12T02:31:04.772Z,0
CVE-2024-8708,https://securityvulnerability.io/vulnerability/CVE-2024-8708,Rincipal Security Vulnerability Discovered in Best House Rental Management System 1.0,A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file categories.php. The manipulation leads to cross site scripting. The attack may be initiated remotely.,Sourcecodester,Best House Rental Management System,6.1,MEDIUM,0.0005200000014156103,false,false,false,false,,false,false,2024-09-12T02:00:04.543Z,0
CVE-2024-8610,https://securityvulnerability.io/vulnerability/CVE-2024-8610,Cross-Site Scripting Vulnerability in Best House Rental Management System 1.0,"A vulnerability has been identified in SourceCodester's Best House Rental Management System version 1.0, specifically within the New Tenant Page functionality located at /index.php?page=tenants. The flaw arises from improper handling of user-supplied data in the fields for Last Name, First Name, and Middle Name, enabling attackers to execute cross-site scripting (XSS) attacks remotely. This exploit leverages the vulnerability, posing significant risks as it has been publicly disclosed and could be utilized by malicious actors to compromise the security of the application and its users.",Sourcecodester,Best House Rental Management System,5.4,MEDIUM,0.0006600000197067857,false,false,false,true,true,false,false,2024-09-09T20:31:05.859Z,0
CVE-2024-7812,https://securityvulnerability.io/vulnerability/CVE-2024-7812,SourceCodester Best House Rental Management System 1.0 Vulnerable to Cross-Site Scripting Attacks,A vulnerability classified as problematic was found in SourceCodester Best House Rental Management System 1.0. This vulnerability affects unknown code of the file /rental_0/rental/ajax.php?action=save_tenant of the component POST Parameter Handler. The manipulation of the argument lastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.,Sourcecodester,Best House Rental Management System,5.4,MEDIUM,0.0008800000068731606,false,false,false,true,true,false,false,2024-08-15T03:00:06.502Z,0
CVE-2024-6066,https://securityvulnerability.io/vulnerability/CVE-2024-6066,SQL Injection Vulnerability in SourceCodester Best House Rental Management System,"A serious SQL injection vulnerability has been uncovered in SourceCodester’s Best House Rental Management System version 1.0. This security flaw lies within the file payment_report.php, where improper handling of the 'month_of' parameter can be exploited. Attackers can manipulate this argument to execute malicious SQL commands, potentially leading to unauthorized access to sensitive database information. Given that this exploit can be executed remotely, it poses a severe risk to systems still running this version. Organizations using this product are strongly advised to implement mitigations to prevent exploitation and to stay informed about security patches released by SourceCodester.",Sourcecodester,Best House Rental Management System,9.8,CRITICAL,0.000699999975040555,false,false,false,true,true,false,false,2024-06-17T21:00:09.026Z,0
CVE-2024-6043,https://securityvulnerability.io/vulnerability/CVE-2024-6043,SQL Injection Vulnerability in SourceCodester Best House Rental Management System,"A serious SQL Injection vulnerability has been discovered in the SourceCodester Best House Rental Management System version 1.0, specifically within the login function of the admin_class.php file. This flaw enables attackers to manipulate the username parameter, potentially compromising the security of the entire application by allowing unauthorized access to sensitive data. Since the exploit can be executed remotely, systems utilizing this software are at significant risk. With the public disclosure of this vulnerability, it is crucial for users and administrators to implement immediate defensive measures. For detailed CVE information and vulnerability management, visit the [VDB-268767](https://vuldb.com/?id.268767) for insights and mitigation strategies.",Sourcecodester,Best House Rental Management System,9.8,CRITICAL,0.0006600000197067857,false,false,false,true,true,false,false,2024-06-17T01:15:00.000Z,0
CVE-2024-5366,https://securityvulnerability.io/vulnerability/CVE-2024-5366,SQL Injection Vulnerability in SourceCodester Best House Rental Management System,"A critical SQL injection vulnerability exists in the Best House Rental Management System developed by SourceCodester, particularly affecting the 'edit-cate.php' file. This vulnerability allows attackers to manipulate the 'id' parameter to execute arbitrary SQL code, thereby compromising the integrity of the database. Remote exploitation of this flaw can lead to unauthorized access and manipulation of sensitive data by untrusted parties. The vulnerability has been publicly disclosed, increasing the urgency for users of the affected system to implement necessary security measures. It is crucial for organizations to audit their systems and apply available patches to mitigate potential risks associated with this vulnerability.",Sourcecodester,Best House Rental Management System,6.3,MEDIUM,0.00044999999227002263,false,false,false,true,true,false,false,2024-05-26T14:00:04.458Z,0
CVE-2024-5365,https://securityvulnerability.io/vulnerability/CVE-2024-5365,SQL Injection Vulnerability in SourceCodester Best House Rental Management System,"A significant security vulnerability has been identified in the SourceCodester Best House Rental Management System, specifically affecting version 1.0. The vulnerability exists in the 'manage_payment.php' file, where inadequate input validation allows for SQL injection. An attacker may remotely manipulate the 'id' parameter, enabling them to execute arbitrary SQL commands. This compromise can lead to unauthorized access to sensitive data, potentially affecting the system's integrity and confidentiality. Timely patching and mitigation strategies are critical for users of this system to safeguard against possible exploitation.",Sourcecodester,Best House Rental Management System,6.3,MEDIUM,0.00044999999227002263,false,false,false,true,true,false,false,2024-05-26T13:00:04.390Z,0
CVE-2024-5364,https://securityvulnerability.io/vulnerability/CVE-2024-5364,SQL Injection Vulnerability in SourceCodester Best House Rental Management System,"A critical SQL injection vulnerability has been identified in the file manage_tenant.php of the SourceCodester Best House Rental Management System versions up to 1.0. This flaw allows attackers to manipulate the 'id' argument, enabling unauthorized access to the database. The vulnerability can be exploited remotely, posing a serious risk to data integrity and security. It is crucial for users of this system to implement security measures to mitigate potential attacks, as the exploit has been publicly disclosed and could be readily used by malicious actors.",Sourcecodester,Best House Rental Management System,6.3,MEDIUM,0.00044999999227002263,false,false,false,true,true,false,false,2024-05-26T12:31:05.192Z,0
CVE-2024-5363,https://securityvulnerability.io/vulnerability/CVE-2024-5363,SQL Injection Vulnerability in SourceCodester Best House Rental Management System,"A serious SQL injection vulnerability has been identified in the SourceCodester Best House Rental Management System, specifically affecting version 1.0. The flaw is located in the manage_user.php file, where improper handling of user-supplied data allows attackers to manipulate the 'id' argument. This exploitation can lead to unauthorized access to the database, allowing malicious actors to execute arbitrary SQL queries remotely. With the potential for serious data breaches, it is crucial for users of this system to implement security measures immediately. The vulnerability has been publicly disclosed and is documented under VDB-266275, warranting urgent attention from administrators and security professionals.",Sourcecodester,Best House Rental Management System,6.3,MEDIUM,0.00044999999227002263,false,false,false,true,true,false,false,2024-05-26T12:00:04.912Z,0
CVE-2024-5094,https://securityvulnerability.io/vulnerability/CVE-2024-5094,SQL Injection Vulnerability in SourceCodester Best House Rental Management System,"A severe security vulnerability has been identified in the SourceCodester Best House Rental Management System version 1.0, specifically affecting the 'view_payment.php' file. This critical SQL injection vulnerability allows an attacker to manipulate the 'id' parameter, potentially leading to unauthorized access and data exposure. The attack can be executed remotely, making it crucial for users to patch their systems immediately. The vulnerability has been publicly disclosed, which increases the risk of exploitation. It is essential for organizations utilizing this software to implement robust security measures to prevent unauthorized access and ensure the integrity of their systems.",Sourcecodester,Best House Rental Management System,7.3,HIGH,0.00044999999227002263,false,false,false,true,true,false,false,2024-05-18T20:00:05.131Z,0
CVE-2024-5093,https://securityvulnerability.io/vulnerability/CVE-2024-5093,SQL Injection Vulnerability in SourceCodester House Rental Management System,"A severe SQL injection vulnerability has been identified within SourceCodester's Best House Rental Management System version 1.0. This security flaw arises from the manipulation of input parameters within the login.php file, specifically affecting the username and password fields. Attackers can exploit this vulnerability remotely to execute arbitrary SQL queries, potentially compromising the integrity and confidentiality of the underlying database. Public disclosure of the exploit increases the urgency for remediation. Organizations utilizing this product should implement immediate security measures to mitigate associated risks, including input validation protocols and regular security audits.",Sourcecodester,Best House Rental Management System,7.3,HIGH,0.00044999999227002263,false,false,false,true,true,false,false,2024-05-18T18:31:04.271Z,0