SourceCodester Online School Fees System GET Parameter ajx.php sql injection
CVE-2023-3340
9.8CRITICAL
What is CVE-2023-3340?
A vulnerability exists in SourceCodester's Online School Fees System 1.0, specifically within the ajx.php file associated with the GET Parameter Handler. This vulnerability allows for SQL injection through the manipulation of the 'name_startsWith' parameter, enabling attackers to execute arbitrary SQL queries remotely. The exploit has been disclosed publicly, increasing the risk of attacks, which may jeopardize database security and integrity. It's crucial for users to apply relevant security patches and monitor their systems for any unauthorized access.
Affected Version(s)
Online School Fees System 1.0