VDB-329896 · CVE-2025-12226 · EUVD-2025-36085

SourceCodester Best House Rental Management System 1.0 /admin_class.php save_house house_no SQL Injection

Gaskiya vulnerability da aka ware a matsayin kura an samu a SourceCodester Best House Rental Management System 1.0. Hakika, aikin save_house ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil /admin_class.php, a cikin sashen $software_component. A sa manipulation of the argument house_no ka SQL Injection. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-89. Hakika, rauni an bayyana shi 10/25/2025. An raba bayanin tsaro don saukewa a github.com. Wannan matsala ana saninta da CVE-2025-12226. Ngam yiɗi ka a tuma ndiyam ka internet. Tekinikal faɗi ga. Har ila yau, exploit ɗin yana nan. An bayyana exploit ɗin ga mutane kuma yana iya amfani. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á sàmbu huɗɗi-na-gaskiya. Exploit ɗin za a iya saukewa daga github.com. 0-day shima, an ndiyam a wuro be $0-$5k. Once again VulDB remains the best source for vulnerability data.

4 Goyarwa · 98 Datenpunkte

Furɗe	Súgá 10/25/2025 19:01	Gargadi 1/3 10/27/2025 06:26	Gargadi 2/3 10/27/2025 07:25	Gargadi 3/3 10/28/2025 08:02
software_vendor	SourceCodester	SourceCodester	SourceCodester	SourceCodester
software_name	Best House Rental Management System	Best House Rental Management System	Best House Rental Management System	Best House Rental Management System
software_version	1.0	1.0	1.0	1.0
software_file	/admin_class.php	/admin_class.php	/admin_class.php	/admin_class.php
software_function	save_house	save_house	save_house	save_house
software_argument	house_no	house_no	house_no	house_no
vulnerability_cwe	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_pr	H	H	H	H
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/zhang947/vul/blob/main/report.md	https://github.com/zhang947/vul/blob/main/report.md	https://github.com/zhang947/vul/blob/main/report.md	https://github.com/zhang947/vul/blob/main/report.md
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/zhang947/vul/blob/main/report.md	https://github.com/zhang947/vul/blob/main/report.md	https://github.com/zhang947/vul/blob/main/report.md	https://github.com/zhang947/vul/blob/main/report.md
source_cve	CVE-2025-12226	CVE-2025-12226	CVE-2025-12226	CVE-2025-12226
cna_responsible	VulDB	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_au	M	M	M	M
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_pr	H	H	H	H
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	5.8	5.8	5.8	5.8
cvss2_vuldb_tempscore	5.0	5.0	5.0	5.0
cvss3_vuldb_basescore	4.7	4.7	4.7	4.7
cvss3_vuldb_tempscore	4.3	4.3	4.3	4.3
cvss3_meta_basescore	4.7	4.7	4.7	6.4
cvss3_meta_tempscore	4.3	4.5	4.5	6.3
cvss4_vuldb_bscore	5.1	5.1	5.1	5.1
cvss4_vuldb_btscore	2.0	2.0	2.0	2.0
advisory_date	1761343200 (10/25/2025)	1761343200 (10/25/2025)	1761343200 (10/25/2025)	1761343200 (10/25/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability was found in SourceCodester Best House Rental Management System 1.0. Impacted is the function save_house of the file /admin_class.php. Performing manipulation of the argument house_no results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.	A vulnerability was found in SourceCodester Best House Rental Management System 1.0. Impacted is the function save_house of the file /admin_class.php. Performing manipulation of the argument house_no results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.	A vulnerability was found in SourceCodester Best House Rental Management System 1.0. Impacted is the function save_house of the file /admin_class.php. Performing manipulation of the argument house_no results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
cvss4_cna_av		N	N	N
cvss4_cna_ac		L	L	L
cvss4_cna_at		N	N	N
cvss4_cna_pr		H	H	H
cvss4_cna_ui		N	N	N
cvss4_cna_vc		L	L	L
cvss4_cna_vi		L	L	L
cvss4_cna_va		L	L	L
cvss4_cna_sc		N	N	N
cvss4_cna_si		N	N	N
cvss4_cna_sa		N	N	N
cvss4_cna_bscore		5.1	5.1	5.1
cvss3_cna_av		N	N	N
cvss3_cna_ac		L	L	L
cvss3_cna_pr		H	H	H
cvss3_cna_ui		N	N	N
cvss3_cna_s		U	U	U
cvss3_cna_c		L	L	L
cvss3_cna_i		L	L	L
cvss3_cna_a		L	L	L
cvss3_cna_basescore		4.7	4.7	4.7
cvss2_cna_av		N	N	N
cvss2_cna_ac		L	L	L
cvss2_cna_au		M	M	M
cvss2_cna_ci		P	P	P
cvss2_cna_ii		P	P	P
cvss2_cna_ai		P	P	P
cvss2_cna_basescore		5.8	5.8	5.8
euvd_id			EUVD-2025-36085	EUVD-2025-36085
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				N
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				H
cvss3_nvd_a				H
cvss3_nvd_basescore				9.8

◂ Gurɗo Gumti Gada ▸

Do you know our Splunk app?

Download it now for free!