CVE-2024-8709

Summary

CVE-2024-8709 is a critical vulnerability affecting the SourceCodester Best House Rental Management System version 1.0, specifically in the delete_user/save_user function located in /admin_class.php, which is susceptible to SQL injection due to improper handling of the argument id. This vulnerability allows remote attackers to manipulate database queries, potentially leading to unauthorized access and data leakage. The exploit has been publicly disclosed, increasing the risk for organizations still using this software. Remediation involves applying security patches provided by the vendor or disabling vulnerable functionalities until a fix can be deployed. Organizations should prioritize addressing this vulnerability as it poses a medium severity risk with potential impacts on confidentiality and integrity of their systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.