CVE-2024-6043

HIGH

Best House Rental Management System 1.0 - SQL Injection via admin_class.php Login Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-6043. PoCs published by lfillaz.

AI-analyzed exploit summary This Python script exploits CVE-2024-6043, an SQL injection vulnerability in SourceCodester Best House Rental Management System 1.0, targeting the `username` parameter in `admin_class.php` to bypass authentication.

Description

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268767.

Exploits (1)

nomisec WORKING POC 3 stars

by lfillaz · poc

https://github.com/lfillaz/CVE-2024-6043

View Code ZIP pw:eip

This Python script exploits CVE-2024-6043, an SQL injection vulnerability in SourceCodester Best House Rental Management System 1.0, targeting the `username` parameter in `admin_class.php` to bypass authentication.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: SourceCodester Best House Rental Management System 1.0

No auth needed

Prerequisites: Target must be running vulnerable version of the software · Access to the `/admin_class.php` endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Permissions Required, Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.268767

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.268767

Third Party Advisory third-party-advisory

https://vuldb.com/?submit.358176

Exploit, Third Party Advisory exploit

https://github.com/yezzzo/y3/blob/main/SourceCodester%20Best%20house%20rental%20management%20system%20project%20in%20php%201.0%20SQL%20Injection.md

View Exploit ZIP pw:eip

Scores

CVSS v3 7.3

EPSS 0.0193

EPSS Percentile 77.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

mayurik/best_house_rental_management_system 1.0

Published Jun 17, 2024

Tracked Since Feb 18, 2026