Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by Montodel
CVE-2026-12776 (GCVE-0-2026-12776)
Vulnerability from cvelistv5 – Published: 2026-06-21 04:45 – Updated: 2026-06-21 04:45
VLAI
Title
Montodel House-Rental-Management index.php houses sql injection
Summary
A flaw has been found in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. This affects an unknown part of the file /index.php?page=houses. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/372518 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/372518/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12776 | third-party-advisory |
| https://vuldb.com/submit/835037 | third-party-advisory |
| https://github.com/yihaofuweng/cve/issues/68 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Montodel | House-Rental-Management |
Affected:
90010017b81265eb1ef3810268909f7719a33863
cpe:2.3:a:montodel:house-rental-management:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:montodel:house-rental-management:*:*:*:*:*:*:*:*"
],
"product": "House-Rental-Management",
"vendor": "Montodel",
"versions": [
{
"status": "affected",
"version": "90010017b81265eb1ef3810268909f7719a33863"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yingxiujie (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. This affects an unknown part of the file /index.php?page=houses. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-21T04:45:08.051Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-372518 | Montodel House-Rental-Management index.php houses sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/372518"
},
{
"name": "VDB-372518 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/372518/cti"
},
{
"name": "CVE-2026-12776 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12776"
},
{
"name": "Submit #835037 | github House-Rental-Management V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/835037"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/yihaofuweng/cve/issues/68"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-20T11:37:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "Montodel House-Rental-Management index.php houses sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12776",
"datePublished": "2026-06-21T04:45:08.051Z",
"dateReserved": "2026-06-20T09:32:07.006Z",
"dateUpdated": "2026-06-21T04:45:08.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12775 (GCVE-0-2026-12775)
Vulnerability from cvelistv5 – Published: 2026-06-21 04:00 – Updated: 2026-06-21 04:00
VLAI
Title
Montodel House-Rental-Management login.php sql injection
Summary
A vulnerability was detected in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/372517 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/372517/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12775 | third-party-advisory |
| https://vuldb.com/submit/835036 | third-party-advisory |
| https://github.com/yihaofuweng/cve/issues/67 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Montodel | House-Rental-Management |
Affected:
90010017b81265eb1ef3810268909f7719a33863
cpe:2.3:a:montodel:house-rental-management:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:montodel:house-rental-management:*:*:*:*:*:*:*:*"
],
"product": "House-Rental-Management",
"vendor": "Montodel",
"versions": [
{
"status": "affected",
"version": "90010017b81265eb1ef3810268909f7719a33863"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yingxiujie (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-21T04:00:08.325Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-372517 | Montodel House-Rental-Management login.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/372517"
},
{
"name": "VDB-372517 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/372517/cti"
},
{
"name": "CVE-2026-12775 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12775"
},
{
"name": "Submit #835036 | github House-Rental-Management V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/835036"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/yihaofuweng/cve/issues/67"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-20T11:37:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "Montodel House-Rental-Management login.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12775",
"datePublished": "2026-06-21T04:00:08.325Z",
"dateReserved": "2026-06-20T09:32:04.530Z",
"dateUpdated": "2026-06-21T04:00:08.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}