Mayurik Best House Rental Management System

Remote File Inclusion Vulnerability in SourceCodester Best House Rental Management System
CVE-2024-12357 5.3 - Medium - December 09, 2024

A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

External Control of File Name or Path

SourceCodester Best House Rental Management System: Improper Authorization in POST Request Handler
CVE-2024-11860 6.5 - Medium - November 27, 2024

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects an unknown part of the file /rental/ajax.php?action=delete_tenant of the component POST Request Handler. The manipulation of the argument id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

AuthZ

Cross-Site Scripting (XSS) Vulnerability in SourceCodester Best House Rental Management System
CVE-2024-11742 5.4 - Medium - November 26, 2024

A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0. This issue affects some unknown processing of the file /rental/ajax.php?action=save_tenant. The manipulation of the argument lastname/firstname/middlename leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

XSS

SourceCodester Best House Rental Management System: CSRF Vulnerability in POST Request Handler
CVE-2024-11743 4.3 - Medium - November 26, 2024

A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=delete_user of the component POST Request Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Session Riding

Best House RM System 1.0 Remote SQLi via login username
CVE-2024-48579 - October 25, 2024

SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request.

Critical SQLi in delete_tenant of SourceCodester Best House Rental v1.0
CVE-2024-10349 9.8 - Critical - October 24, 2024

A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Affected by this issue is the function delete_tenant of the file /ajax.php?action=delete_tenant. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SourceCodester Best House Rental Mgmt System 1.0 XSS in Manage Tenant Details
CVE-2024-10348 5.4 - Medium - October 24, 2024

A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=tenants of the component Manage Tenant Details. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only shows the field "Last Name" to be affected. Other fields might be affected as well.

XSS

Critical SQLi in SourceCodester Best House Rental Mgmt 1.0 via ajax.php
CVE-2024-9041 8.8 - High - September 20, 2024

A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=update_account. The manipulation of the argument firstname/lastname/email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

CVE-2024-9039: SQLi in SourceCodester 1.0 /ajax.php
CVE-2024-9039 9.8 - Critical - September 20, 2024

A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=signup. The manipulation of the argument firstname/lastname/email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

Best House Rental Mgmt 1.0 Remote XSS via /ajax.php
CVE-2024-9033 5.4 - Medium - September 20, 2024

A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_category. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

XSS

Arbitrary File Upload in BestHouseRM 1.0 (admin_class.php)
CVE-2024-46377 - September 18, 2024

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php.

Best House Rental Management System 1.0 - Arbitrary File Upload via update_account()
CVE-2024-46376 - September 18, 2024

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the update_account() function of the file rental/admin_class.php.

Best House Rental Management System 1.0 arbitrary file upload in admin_class.php
CVE-2024-46375 - September 18, 2024

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signup() function of the file rental/admin_class.php.

SQL Injection in Best House Rental Mgmt 1.0 via delete_category()
CVE-2024-46374 - September 18, 2024

Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php.

SQLi in SourceCodester Best House Rental Management System 1.0 delete_user
CVE-2024-8709 8.8 - High - September 12, 2024

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is the function delete_user/save_user of the file /admin_class.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

XSS in SourceCodester Best House Rental Management System 1.0 categories.php
CVE-2024-8708 6.1 - Medium - September 12, 2024

A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file categories.php. The manipulation leads to cross site scripting. The attack may be initiated remotely.

XSS

CVE-2024-8610: XSS in SourceCodester Best House Rental Mgmt Sys 1.0 New Tenant Page
CVE-2024-8610 5.4 - Medium - September 09, 2024

A vulnerability classified as problematic has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /index.php?page=tenants of the component New Tenant Page. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

XSS

XSS via POST lastname in SourceCodester Best House Rental 1.0
CVE-2024-7812 5.4 - Medium - August 15, 2024

A vulnerability classified as problematic was found in SourceCodester Best House Rental Management System 1.0. This vulnerability affects unknown code of the file /rental_0/rental/ajax.php?action=save_tenant of the component POST Parameter Handler. The manipulation of the argument lastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

XSS

SourceCodester Best House Rental Mgmt v1.0 Access Control Flaw in Reports
CVE-2024-40475 8.8 - High - August 12, 2024

SourceCodester Best House Rental Management System v1.0 is vulnerable to Incorrect Access Control via /rental/payment_report.php, /rental/balance_report.php, /rental/invoices.php, /rental/tenants.php, and /rental/users.php.

Stored XSS in manage_houses.php of SourceCodester Best House Rental Management System v1.0
CVE-2024-40473 5.4 - Medium - August 12, 2024

A Stored Cross Site Scripting (XSS) vulnerability was found in "manage_houses.php" in SourceCodester Best House Rental Management System v1.0. It allows remote attackers to execute arbitrary code via "House_no" and "Description" parameter fields.

XSS

SourceCodester House Rental Management System 1.0 Reflected XSS (edit-cate.php)
CVE-2024-40474 5.4 - Medium - August 12, 2024

A Reflected Cross Site Scripting (XSS) vulnerability was found in "edit-cate.php" in SourceCodester House Rental Management System v1.0.

XSS

Best House Rental Mgmt Sys 1.0 XSS via index.php (House No, Description)
CVE-2024-40576 - July 29, 2024

Cross Site Scripting vulnerability in Best House Rental Management System 1.0 allows a remote attacker to execute arbitrary code via the "House No" and "Description" parameters in the houses page at the index.php component.

Best House Rental Management Sys 1.0 Arbitrary File Read via Page param
CVE-2024-39210 7.5 - High - July 05, 2024

Best House Rental Management System v1.0 was discovered to contain an arbitrary file read vulnerability via the Page parameter at index.php. This vulnerability allows attackers to read arbitrary PHP files and access other sensitive information within the application.

SQLi in SourceCodester Best House Rental Mgmt Sys 1.0
CVE-2024-6066 9.8 - Critical - June 17, 2024

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file payment_report.php. The manipulation of the argument month_of leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268794 is the identifier assigned to this vulnerability.

SQL Injection

SQLi via Username in admin_class.php of SourceCodester 1.0
CVE-2024-6043 9.8 - Critical - June 17, 2024

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268767.

SQL Injection

SQLi Remote in edit-cate.php of SC Best House Rental 1.0
CVE-2024-5366 6.5 - Medium - May 26, 2024

A vulnerability has been found in SourceCodester Best House Rental Management System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file edit-cate.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266278 is the identifier assigned to this vulnerability.

SQL Injection

SQLi in manage_payment.php of SourceCodester Best House Rental Mgmt 1.0
CVE-2024-5365 6.5 - Medium - May 26, 2024

A vulnerability, which was classified as critical, was found in SourceCodester Best House Rental Management System up to 1.0. This affects an unknown part of the file manage_payment.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266277 was assigned to this vulnerability.

SQL Injection

SourceCodester Best House Rental Mgmt SQLi in manage_tenant.php v1.0
CVE-2024-5364 6.5 - Medium - May 26, 2024

A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System up to 1.0. Affected by this issue is some unknown functionality of the file manage_tenant.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266276.

SQL Injection

SQL Injection in manage_user.php of SourceCodester Best House Rental before 1.0
CVE-2024-5363 6.5 - Medium - May 26, 2024

A vulnerability classified as critical was found in SourceCodester Best House Rental Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266275.

SQL Injection

SQLi in SourceCodester Best House Rental Mgmt Sys 1.0 (view_payment.php)
CVE-2024-5094 9.8 - Critical - May 18, 2024

A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265073 was assigned to this vulnerability.

SQL Injection

SQLi in SourceCodester Best House Rental System 1.0 login.php
CVE-2024-5093 9.8 - Critical - May 18, 2024

A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265072.

SQL Injection