CVE-2024-11743 MEDIUM

CVE-2024-11743: SourceCodester Best House Rental Management System POST Request ajax.php cross-site request forgery

Vendor Sourcecodester
Product Best House Rental Management System
Weakness CWE-352 · CSRF
Published November 26, 2024
Last update November 28, 2024

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=delete_user of the component POST Request Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

November 26, 2024 CVE published
November 28, 2024 Record updated