CVE-2026-12775: SQL Injection in Montodel House-Rental-Management
CVE-2026-12775 is a medium severity SQL injection vulnerability in Montodel House-Rental-Management affecting the /login.php file via the Username parameter. The vulnerability allows remote attackers to manipulate SQL queries. The product uses a rolling release model, so specific affected or fixed versions are not available. The vendor did not respond to early disclosure attempts, and no official patch or remediation guidance is currently known.
AI Analysis
Technical Summary
This vulnerability in Montodel House-Rental-Management up to commit 90010017b81265eb1ef3810268909f7719a33863 involves SQL injection through the Username argument in /login.php. The issue allows remote unauthenticated attackers to inject SQL commands, potentially compromising the database. The product's rolling release model prevents precise version identification. No vendor response or patch information is available, and the exploit code is publicly known.
Potential Impact
Successful exploitation can lead to unauthorized database access or manipulation due to SQL injection. The vulnerability is remotely exploitable without authentication. The CVSS 4.0 base score is 6.9 (medium), reflecting low attack complexity and no required privileges or user interaction, but limited impact on confidentiality, integrity, and availability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded and no patch is known, users should monitor official Montodel communications for updates. Until a fix is available, consider implementing web application firewall (WAF) rules to detect and block SQL injection attempts targeting the /login.php Username parameter.
CVE-2026-12775: SQL Injection in Montodel House-Rental-Management
Description
CVE-2026-12775 is a medium severity SQL injection vulnerability in Montodel House-Rental-Management affecting the /login.php file via the Username parameter. The vulnerability allows remote attackers to manipulate SQL queries. The product uses a rolling release model, so specific affected or fixed versions are not available. The vendor did not respond to early disclosure attempts, and no official patch or remediation guidance is currently known.
CVSS v4.0
Score 6.9medium
Affected software
cpe:2.3:a:montodel:house-rental-management:*:*:*:*:*:*:*:*AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Montodel House-Rental-Management up to commit 90010017b81265eb1ef3810268909f7719a33863 involves SQL injection through the Username argument in /login.php. The issue allows remote unauthenticated attackers to inject SQL commands, potentially compromising the database. The product's rolling release model prevents precise version identification. No vendor response or patch information is available, and the exploit code is publicly known.
Potential Impact
Successful exploitation can lead to unauthorized database access or manipulation due to SQL injection. The vulnerability is remotely exploitable without authentication. The CVSS 4.0 base score is 6.9 (medium), reflecting low attack complexity and no required privileges or user interaction, but limited impact on confidentiality, integrity, and availability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded and no patch is known, users should monitor official Montodel communications for updates. Until a fix is available, consider implementing web application firewall (WAF) rules to detect and block SQL injection attempts targeting the /login.php Username parameter.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-06-20T09:32:04.530Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a3778eb9c760d8add8aba2e
Added to database: 06/21/2026, 05:38:51 UTC
Last enriched: 06/21/2026, 05:53:00 UTC
Last updated: 06/21/2026, 06:23:00 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.