CVE-2026-12776

MEDIUM 6.3

Montodel House-Rental-Management index.php houses sql injection

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

A flaw has been found in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. This affects an unknown part of the file /index.php?page=houses. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-89 CWE-74
Vendor	montodel
Product	house-rental-management
Published	Jun 21, 2026

Stay Ahead of the Next One

Get instant alerts for montodel house-rental-management

Be the first to know when new medium vulnerabilities affecting montodel house-rental-management are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Montodel / House-Rental-Management

90010017b81265eb1ef3810268909f7719a33863

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/372518 vuldb.com: https://vuldb.com/vuln/372518/cti vuldb.com: https://vuldb.com/cve/CVE-2026-12776 vuldb.com: https://vuldb.com/submit/835037 github.com: https://github.com/yihaofuweng/cve/issues/68

Credits

🔍 yingxiujie (VulDB User) VulDB CNA Team