CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7812 – SourceCodester Best House Rental Management System POST Parameter ajax.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-7812
A vulnerability classified as problematic was found in SourceCodester Best House Rental Management System 1.0. This vulnerability affects unknown code of the file /rental_0/rental/ajax.php?action=save_tenant of the component POST Parameter Handler. The manipulation of the argument lastname leads to cross site scripting. The attack can be initiated remotely. • https://github.com/lscjl/lsi.webray.com.cn/blob/main/CVE-project/rental%20management%20system%20Stored%20Cross-Site%20Scripting(XSS).md https://vuldb.com/?ctiid.274708 https://vuldb.com/?id.274708 https://vuldb.com/?submit.390953 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-39210
https://notcve.org/view.php?id=CVE-2024-39210
Best House Rental Management System v1.0 was discovered to contain an arbitrary file read vulnerability via the Page parameter at index.php. This vulnerability allows attackers to read arbitrary PHP files and access other sensitive information within the application. Se descubrió que Best House Rental Management System v1.0 contenía una vulnerabilidad de lectura de archivos arbitraria a través del parámetro Page en index.php. Esta vulnerabilidad permite a los atacantes leer archivos PHP arbitrarios y acceder a otra información confidencial dentro de la aplicación. • https://github.com/KRookieSec/CVE-2024-39210 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6066 – SourceCodester Best House Rental Management System payment_report.php sql injection
https://notcve.org/view.php?id=CVE-2024-6066
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file payment_report.php. The manipulation of the argument month_of leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jadu101/CVE/blob/main/SourceCodester_House_Rental_Management_System_Sqli.md https://vuldb.com/?ctiid.268794 https://vuldb.com/?id.268794 https://vuldb.com/?submit.358439 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2024-6043 – SourceCodester Best House Rental Management System admin_class.php login sql injection
https://notcve.org/view.php?id=CVE-2024-6043
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/lfillaz/CVE-2024-6043 https://github.com/yezzzo/y3/blob/main/SourceCodester%20Best%20house%20rental%20management%20system%20project%20in%20php%201.0%20SQL%20Injection.md https://vuldb.com/?ctiid.268767 https://vuldb.com/?id.268767 https://vuldb.com/?submit.358176 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5366 – SourceCodester Best House Rental Management System edit-cate.php sql injection
https://notcve.org/view.php?id=CVE-2024-5366
A vulnerability has been found in SourceCodester Best House Rental Management System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file edit-cate.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/rockersiyuan/CVE/blob/main/SourceCodester_House_Rental_Management_System_Sql_Inject-4.md https://vuldb.com/?ctiid.266278 https://vuldb.com/?id.266278 https://vuldb.com/?submit.343433 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •