A vulnerability, which was classified as critical , has been found in itsourcecode Online House Rental System 1.0 . This affects an unknown function of the file /manage_tenant.php . The manipulation of the argument ID leads to sql injection. This vulnerability is traded as CVE-2026-10252 . It is possible to initiate the attack remotely. Furthermore, there is an exploit available.