Description

A vulnerability was found in itsourcecode Online House Rental System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268458 is the identifier assigned to this vulnerability.

Classification

Assigner: [email protected]

CWE: CWE-89

CPEs

  • itsourcecode online_house_rental_system 1.0

CVSS

CVSS version: 3.1

Base score: 6.3

Base severity: MEDIUM

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability score: 2.8

Impact score: 3.4

Can you explain the CVE description?

This CVE description covers a vulnerability found in itsourcecode Online House Rental System 1.0. The vulnerability is classified as critical and involves an unknown function in the file manage_user.php that can be exploited for SQL injection. It can be exploited remotely, and the exploit has been disclosed to the public. The CVE identifier is CVE-2024-5981, and its CVSS score of 6.3 places it at a medium severity level. The associated CWE is CWE-89. The vulnerability was published on June 14, 2024, and its status is marked as EARLY_WARNING. The description also includes various URLs related to the vulnerability, as well as the exploitability and impact scores. The assigner of this CVE is [email protected].

How can this vulnerability be part of an attack tree?

This vulnerability can be part of an attack tree as a stepping stone for a larger attack on the Online House Rental System. An attacker could exploit the SQL injection vulnerability in the manage_user.php file to gain unauthorized access to the system's database. Once access is gained, the attacker could extract sensitive information such as user credentials, financial data, or personal information. This information could then be used for further attacks, such as identity theft, financial fraud, or targeted phishing campaigns. The attacker could also modify or delete data in the database, disrupting the system's operations and potentially affecting users' ability to rent houses through the platform.


Generated on: 2024-07-01