A SQL injection vulnerability has been identified in itsourcecode Online House Rental System version 1.0. The vulnerability affects the /ajax.php?action=login file where manipulation of the Username argument can lead to SQL injection attacks. The vulnerability can be exploited remotely and public exploits are already available. The affected component is an unknown function within the login mechanism. This poses a significant security risk as attackers can potentially access or manipulate the application's database remotely.