SQL Injection Vulnerability in SourceCodester School Fees Payment System
CVE-2024-7167

8.8 HIGH

Key Information:

Vendor
CVE Published: 28 July 2024

Summary

A vulnerability has been identified in SourceCodester School Fees Payment System 1.0, in the file 'manage_course.php'. The application handles user input improperly, so an attacker can manipulate the 'id' argument to perform SQL injection, which might allow unauthorized access to sensitive database information. Because the vulnerability can be exploited remotely, it poses a serious risk to organizations relying on this system. The exploit has been publicly disclosed, which makes immediate remediation necessary to prevent potential data breaches.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
