Yasser Alshammari

3 exploits | Active since Nov 2024
CVE-2024-11742 | LOW | WRITEUP
SourceCodester Best House Rental Management System 1.0 - XSS
A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0. This issue affects some unknown processing of the file /rental/ajax.php?action=save_tenant. The manipulation of the argument lastname/firstname/middlename leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVSS 3.5
CVE-2024-11743 | MEDIUM | WRITEUP
SourceCodester Best House Rental Management System 1.0 - CSRF
A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=delete_user of the component POST Request Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 4.3
CVE-2024-11860 | MEDIUM | WRITEUP
SourceCodester Best House Rental Management System 1.0 - Auth Bypass
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects an unknown part of the file /rental/ajax.php?action=delete_tenant of the component POST Request Handler. The manipulation of the argument id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.5