CVE-2024-11743 – SourceCodester Best House Rental Management System POST Request ajax.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-11743
A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=delete_user of the component POST Request Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.
https://github.com/YasserREED/YasserREED-CVEs/blob/main/Best%20house%20rental%20management%20system%20project%20in%20php/Cross-Site%20Request%20Forgery%20(CSRF).md
https://vuldb.com/?ctiid.286140
https://vuldb.com/?id.286140
https://vuldb.com/?submit.449697
https://www.sourcecodester.com
CWE-352: Cross-Site Request Forgery (CSRF)
CWE-862: Missing Authorization
CVE-2024-11742 – SourceCodester Best House Rental Management System ajax.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11742
A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0. This issue affects some unknown processing of the file /rental/ajax.php?action=save_tenant. The manipulation of the argument lastname/firstname/middlename leads to cross site scripting. The attack may be initiated remotely.
https://github.com/YasserREED/YasserREED-CVEs/blob/main/Best%20house%20rental%20management%20system%20project%20in%20php/Stored%20Cross-Site%20Scripting%20(XSS).md
https://vuldb.com/?ctiid.286139
https://vuldb.com/?id.286139
https://vuldb.com/?submit.449683
https://www.sourcecodester.com
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-10349 – SourceCodester Best House Rental Management System ajax.php delete_tenant sql injection
https://notcve.org/view.php?id=CVE-2024-10349
A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Affected by this issue is the function delete_tenant of the file /ajax.php?action=delete_tenant. The manipulation of the argument id leads to sql injection. The attack may be launched remotely.
https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/house-rentalmanagement-system1.md
https://vuldb.com/?ctiid.281696
https://vuldb.com/?id.281696
https://vuldb.com/?submit.427472
https://www.sourcecodester.com
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10348 – SourceCodester Best House Rental Management System Manage Tenant Details index.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-10348
A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=tenants of the component Manage Tenant Details. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting.
https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/house-rental-management-system.md
https://vuldb.com/?ctiid.281697
https://vuldb.com/?id.281697
https://vuldb.com/?submit.427471
https://www.sourcecodester.com
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-9041 – SourceCodester Best House Rental Management System ajax.php sql injection
https://notcve.org/view.php?id=CVE-2024-9041
A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=update_account. The manipulation of the argument firstname/lastname/email leads to sql injection. The attack can be initiated remotely.
https://vuldb.com/?id.278212
https://vuldb.com/?ctiid.278212
https://vuldb.com/?submit.411502
https://github.com/para-paradise/webray.com.cn/blob/main/Best%20house%20rental%20management%20system%20project%20in%20php/Best%20house%20rental%20management%20system%20update_account%20time-based%20SQL%20Injection%20Vulnerability.md
https://www.sourcecodester.com
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')