CVE-2025-12598

CWE-74 CWE-89 — SQL Injection3 documents3 sources

Severity

5.1MEDIUM

EPSS

0.0%

top 92.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Best House Rental Management System Mayurik Best House Rental Management System

Timeline

PublishedNov 2

Description

A flaw has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is the function save_tenant of the file /admin_class.php. Executing manipulation of the argument firstname can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. Other parameters might be affected as well.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5sourcecodester/best_house_rental_management_system1.0

▶NVDmayurik/best_house_rental_management_system1.0

🔴Vulnerability Details

CVEList

SourceCodester Best House Rental Management System admin_class.php save_tenant sql injection↗2025-11-02

▶

GHSA

GHSA-3f3r-7r2j-v7vc: A flaw has been found in SourceCodester Best House Rental Management System 1↗2025-11-02

▶