CVE-2024-11860

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 27, 2024
Updated: Dec 4, 2024
CWE ID 285
CWE ID 266

Summary

CVE-2024-11860 is a critical vulnerability identified in the SourceCodester Best House Rental Management System 1.0. The issue lies within the POST Request Handler component, specifically the /rental/ajax.php?action=delete_tenant file. Manipulation of the id argument can lead to improper authorization, enabling unauthorized deletion of tenant records. This vulnerability can be exploited remotely, making it a significant security risk. The exploit for this vulnerability has been disclosed to the public, increasing the potential for malicious attacks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share