SourceCodester Online School Fees System GET Parameter ajx.php sql injection
CVE-2023-3340

9.8CRITICAL

Key Information:

Vendor

SourceCodester
Status
Online School Fees System
Vendor
CVE Published:
20 June 2023

What is CVE-2023-3340?

A vulnerability exists in SourceCodester's Online School Fees System 1.0, specifically within the ajx.php file associated with the GET Parameter Handler. This vulnerability allows for SQL injection through the manipulation of the 'name_startsWith' parameter, enabling attackers to execute arbitrary SQL queries remotely. The exploit has been disclosed publicly, increasing the risk of attacks, which may jeopardize database security and integrity. It's crucial for users to apply relevant security patches and monitor their systems for any unauthorized access.

Affected Version(s)

Online School Fees System 1.0

References

https://vuldb.com/?id.232016
vdb-entrytechnical-description
https://vuldb.com/?ctiid.232016
signaturepermissions-required
https://github.com/M9KJ-TEAM/CVEReport/blob/main/SQL.md
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

zhangyf (VulDB User)
.