Description
A vulnerability was detected in itsourcecode Online House Rental System 1.0. This impacts an unknown function of the file /manage_payment.php. The manipulation of the argument ID results in SQL injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
Published: 2026-06-01
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw in itsourcecode Online House Rental System 1.0 resides in the manage_payment.php script. By manipulating the ID argument, an attacker can inject arbitrary SQL, making the vulnerability exploitable remotely. The exploit is publicly disclosed and may be used against exposed instances.

Affected Systems

itsourcecode Online House Rental System version 1.0 is affected, with the flaw located in the /manage_payment.php file. No other versions or products are listed.

Risk and Exploitability

With a CVSS score of 6.9, the flaw falls into the medium severity range. No EPSS score is available, so the likelihood of exploitation cannot be quantified. The vulnerability is not in the CISA KEV catalog. The attack vector is remote over the web and requires access to the application; exploitation would entail manipulating the ID parameter to inject SQL. Because the exploit is public, attackers may attempt automated attacks against exposed instances.

Generated by OpenCVE AI on June 1, 2026 at 15:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s latest patch or upgrade to the newest version of Online House Rental System that addresses the SQL injection issue.
  • Validate and sanitize the ID parameter received by manage_payment.php, ensuring it contains only numeric values and using parameterized queries to prevent injection.
  • Deploy a web application firewall or configure input filtering to detect and block suspicious SQL injection patterns.

Generated by OpenCVE AI on June 1, 2026 at 15:35 UTC.
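
The second recommended action above (strict numeric validation of the ID plus a parameterized query), sketched as an added example. This is not code from OpenCVE or from the itsourcecode project: the `payments` table, its columns and the function names are hypothetical, and an in-memory SQLite database stands in for the application's real one so the script runs offline.

```php
<?php
declare(strict_types=1);

// Added example. Table, column and function names are hypothetical.

/** Return the ID as a positive int, or null if it is not strictly numeric. */
function parse_payment_id(mixed $raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // rejects array input such as ?id[]=1
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Fetch one row with a bound parameter; the ID never becomes part of the SQL text. */
function find_payment(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, tenant_id, amount FROM payments WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data (assumption: SQLite replaces the real database here).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE payments (id INTEGER PRIMARY KEY, tenant_id INTEGER, amount REAL)');
$db->exec('INSERT INTO payments VALUES (1, 10, 500.0), (2, 11, 750.0)');

// Constructed inputs standing in for the request's ID argument.
foreach (['2', '99', '2 OR 1=1', "1' -- ", '-5', ['1']] as $raw) {
    $id = parse_payment_id($raw);
    if ($id === null) {
        // In a real handler: respond with HTTP 400 and log the rejected value.
        echo 'rejected: ' . json_encode($raw) . PHP_EOL;
        continue;
    }
    $row = find_payment($db, $id);
    echo $row === null ? "not found: $id" : 'found: ' . json_encode($row), PHP_EOL;
}
```

Validation and binding are independent layers: the bound parameter alone prevents the injection, while the numeric check gives a clean rejection point whose log entries are useful for detecting probing.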


Advisories

No advisories yet.

History

Mon, 01 Jun 2026 15:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 01 Jun 2026 13:00:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was detected in itsourcecode Online House Rental System 1.0. This impacts an unknown function of the file /manage_payment.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
Title | | itsourcecode Online House Rental System manage_payment.php sql injection
First Time appeared | | Itsourcecode; Itsourcecode online House Rental System
Weaknesses | | CWE-74; CWE-89
CPEs | | cpe:2.3:a:itsourcecode:online_house_rental_system:*:*:*:*:*:*:*:*
Vendors & Products | | Itsourcecode; Itsourcecode online House Rental System
References | |
Metrics | | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T13:00:49.438Z

Reserved: 2026-05-31T10:19:00.223Z

Link: CVE-2026-10253

Vulnrichment

Updated: 2026-06-01T13:00:45.515Z

NVD

Status: Deferred

Published: 2026-06-01T13:16:29.400

Modified: 2026-06-01T15:15:37.293

Link: CVE-2026-10253

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T16:30:05Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')