CVE-2024-8709 MEDIUM

CVE-2024-8709: SourceCodester Best House Rental Management System admin_class.php save_user sql injection

Vendor Sourcecodester
Product Best House Rental Management System
Weakness CWE-89 · SQLi
Published September 12, 2024
Last update September 12, 2024
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is the function delete_user/save_user of the file /admin_class.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

September 12, 2024 CVE published
September 12, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-30819 WordPress Simple Giveaways plugin <= 2.48.1 - SQL Injection vulnerability CVE-2022-2643 SourceCodester Online Admission System POST Parameter sql injection CVE-2025-25226 [20250401] - Joomla Framework - SQL injection vulnerability in quoteNameStr method of Database package CVE-2024-10628 Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated SQL Injection via id CVE-2024-12931 code-projects Simple Admin Panel addCatController.php sql injection