Lucene search

MitreVULNRICHMENT:CVE-2024-40475

HistoryAug 08, 2024 - 12:00 a.m.

CVE-2024-40475

2024-08-0800:00:00

mitre

github.com

sourcecodester

house rental system

access control

vulnerable

invoices

tenants

users

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

20.0%

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

SourceCodester Best House Rental Management System v1.0 is vulnerable to Incorrect Access Control via /rental/payment_report.php, /rental/balance_report.php, /rental/invoices.php, /rental/tenants.php, and /rental/users.php.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:sourcecodester:best_house_rental_management_system:1.0:*:*:*:*:*:*:*"
    ],
    "vendor": "sourcecodester",
    "product": "best_house_rental_management_system",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

github.com/takekaramey/CVE_Writeup/blob/main/Sourcecodester/Best%20House%20Rental%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Deep%20URL.pdf

www.sourcecodester.com/php/17375/best-courier-management-system-project-php.html