CVE-2024-0502 MEDIUM

CVE-2024-0502: SourceCodester House Rental Management System Edit User manage_user.php sql injection

Vendor Sourcecodester
Product House Rental Management System
Weakness CWE-89 · SQLi
Published January 13, 2024
Last update October 24, 2024
View on NVD All CVEs

CVSS base score

4.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability was found in SourceCodester House Rental Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file manage_user.php of the component Edit User. The manipulation of the argument id/name/username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250610 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

January 13, 2024 CVE published
October 24, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-39586 WordPress ProfileGrid plugin <= 5.9.4.8 - SQL Injection Vulnerability CVE-2022-39180 College Management System v1.0 - SQL Injection (SQLi) CVE-2025-6184 Tutor LMS Pro – eLearning and online course solution <= 3.7.0 - Authenticated (Tutor Instructor+) SQL Injection CVE-2026-44706 Chatwoot: SQL Injection in Conversation/Contact Filter API via Custom Attribute Values CVE-2024-24868 WordPress SP Project & Document Manager Plugin <= 4.69 is vulnerable to SQL Injection