SourceCodester Best House Rental Management System login.php sql injection
Description
A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265072.
Affected products
2- Range: =1.0
- Range: 1.0
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing input sanitization and lack of parameterized queries in login.php allow SQL injection via the username and password parameters."
Attack vector
An attacker sends an HTTP POST request to `login.php` with a crafted username value such as `' or 1=1-- -` and any password (e.g., `1`). The injected SQL comment `-- -` truncates the remainder of the query, while `or 1=1` makes the WHERE clause always true, bypassing authentication entirely [ref_id=1]. The attack is performed remotely over the network with no prior authentication required.
Affected code
The vulnerable file is `login.php` in the SourceCodester Best House Rental Management System 1.0. The username and password parameters are passed unsanitized into a SQL query, allowing an attacker to inject arbitrary SQL statements.
What the fix does
No patch has been published by the vendor. The advisory [ref_id=1] demonstrates that the application fails to sanitize or parameterize the username and password inputs before using them in a SQL query. The remediation would require using prepared statements or parameterized queries to separate SQL logic from user-supplied data, and validating input types and lengths server-side.
Preconditions
- networkThe login.php endpoint must be reachable over HTTP
- authNo authentication or session is required before sending the malicious request
- inputThe attacker supplies a SQL injection payload in the username field
Reproduction
1. Navigate to `http://localhost/rental/login.php`. 2. Enter `' or 1=1-- -` in the username field and `1` in the password field. 3. Click the login button. 4. The application authenticates the attacker as a valid user, bypassing the login check [ref_id=1].
Generated on May 24, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- github.com/BurakSevben/CVEs/blob/main/House%20Rental%20Management%20System/House%20Rental%20Management%20System%20-%20Authentication%20Bypass.mdmitreexploit
- vuldb.commitrethird-party-advisory
- vuldb.commitresignaturepermissions-required
- vuldb.commitrevdb-entrytechnical-description
News mentions
0No linked articles in our index yet.