CVE-2024-6043

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268767.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mayurik:best_house_rental_management_system:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 09:48

Type Values Removed Values Added
CVSS v2 : 7.5
v3 : 9.8
v2 : 7.5
v3 : 7.3
References () https://github.com/yezzzo/y3/blob/main/SourceCodester%20Best%20house%20rental%20management%20system%20project%20in%20php%201.0%20SQL%20Injection.md - Exploit, Third Party Advisory () https://github.com/yezzzo/y3/blob/main/SourceCodester%20Best%20house%20rental%20management%20system%20project%20in%20php%201.0%20SQL%20Injection.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.268767 - Permissions Required, Third Party Advisory () https://vuldb.com/?ctiid.268767 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?id.268767 - Permissions Required, Third Party Advisory () https://vuldb.com/?id.268767 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?submit.358176 - Third Party Advisory () https://vuldb.com/?submit.358176 - Third Party Advisory

16 Aug 2024, 20:59

Type Values Removed Values Added
CPE cpe:2.3:a:mayurik:best_house_rental_management_system:1.0:*:*:*:*:*:*:*
References () https://github.com/yezzzo/y3/blob/main/SourceCodester%20Best%20house%20rental%20management%20system%20project%20in%20php%201.0%20SQL%20Injection.md - () https://github.com/yezzzo/y3/blob/main/SourceCodester%20Best%20house%20rental%20management%20system%20project%20in%20php%201.0%20SQL%20Injection.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.268767 - () https://vuldb.com/?ctiid.268767 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?id.268767 - () https://vuldb.com/?id.268767 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?submit.358176 - () https://vuldb.com/?submit.358176 - Third Party Advisory
First Time Mayurik best House Rental Management System
Mayurik
CVSS v2 : 7.5
v3 : 7.3
v2 : 7.5
v3 : 9.8

17 Jun 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad ha sido encontrada en SourceCodester Best House Rental Management System 1.0 y clasificada como crítica. Esto afecta la función de inicio de sesión del archivo admin_class.php. La manipulación del argumento nombre de usuario conduce a la inyección de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-268767.

17 Jun 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-17 01:15

Updated : 2024-11-21 09:48


NVD link : CVE-2024-6043

Mitre link : CVE-2024-6043

CVE.ORG link : CVE-2024-6043


JSON object : View

Products Affected

mayurik

  • best_house_rental_management_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')