CVE-2026-10251— itsourcecode Online House Rental System ajax.php login sql injection
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| itsourcecode | Online House Rental System | 1.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-10251
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
itsourcecode Online House Rental System ajax.php login sql injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| itsourcecode | Online House Rental System | 1.0 | cpe:2.3:a:itsourcecode:online_house_rental_system:*:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-10251
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-10251
请登录查看更多情报信息。
News Coverage for CVE-2026-10251 (1)
Other References for CVE-2026-10251 (1)
Same Patch Batch · itsourcecode · 2026-06-01 · 10 CVEs total
| CVE-2026-10253 | 7.3 HIGH | itsourcecode Online House Rental System manage_payment.php sql injection |
| CVE-2026-10252 | 7.3 HIGH | itsourcecode Online House Rental System manage_tenant.php sql injection |
| CVE-2026-10250 | 7.3 HIGH | itsourcecode Online Blood Bank Management System campsdetails.php sql injection |
| CVE-2026-10249 | 7.3 HIGH | itsourcecode Online Blood Bank Management System viewrequest.php sql injection |
| CVE-2026-10265 | 6.3 MEDIUM | itsourcecode Content Management System edit_topic.php sql injection |
| CVE-2026-10258 | 6.3 MEDIUM | itsourcecode Content Management System add_sub_topic.php sql injection |
| CVE-2026-10257 | 6.3 MEDIUM | itsourcecode Content Management System update_ss_img.php sql injection |
| CVE-2026-10256 | 6.3 MEDIUM | itsourcecode Content Management System save_comment.php sql injection |
| CVE-2026-10242 | 6.3 MEDIUM | itsourcecode Content Management System instructions.php sql injection |
IV. Related Vulnerabilities
Same product: Online House Rental System
Same vendor: itsourcecode
- CVE-2026-10265
itsourcecode Content Management System edit_topic.php sql in - CVE-2026-10258
itsourcecode Content Management System add_sub_topic.php sql - CVE-2026-10257
itsourcecode Content Management System update_ss_img.php sql - CVE-2026-10256
itsourcecode Content Management System save_comment.php sql - CVE-2026-10253
itsourcecode Online House Rental System manage_payment.php s
Same weakness: CWE-89
- CVE-2026-45722
Nextcloud: Tables app allows limited SQLi in ORDER BY with m - CVE-2026-45545
Nextcloud: SQL Injection in Column Type Parameter Allows Arb - CVE-2026-42672
WordPress WP Directory Kit plugin <= 1.5.1 - SQL Injection v - CVE-2026-10265
itsourcecode Content Management System edit_topic.php sql in - CVE-2026-10263
SourceCodester Computer Repair Shop Management System manage
V. Comments for CVE-2026-10251
No comments yet