A vulnerability classified as critical was found in itsourcecode Online House Rental System 1.0 . The impacted element is an unknown function of the file /ajax.php?action=login . Executing a manipulation of the argument Username can lead to sql injection. This vulnerability appears as CVE-2026-10251 . The attack may be performed from remote. In addition, an exploit is available.