SQL Injection Vulnerability in SourceCodester School Fees Payment System
CVE-2024-7167
8.8 HIGH
Summary
A significant SQL injection vulnerability has been identified in SourceCodester School Fees Payment System 1.0, in the file 'manage_course.php'. The application handles user input improperly, so an attacker can manipulate the 'id' argument to inject SQL, which might allow unauthorized access to sensitive database information. Because the vulnerability can be exploited remotely, it poses a serious risk to organizations relying on this system. The exploit has been publicly disclosed, so immediate remediation is necessary to prevent potential data breaches.
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published