SQL Injection Vulnerability in SourceCodester School Fees Payment System
CVE-2024-7168

8.8HIGH

Key Information:

Vendor: SourceCodester
Status: School Fees Payment System
Vendor: CVE Published:; 28 July 2024

Summary

A serious security vulnerability has been identified in the SourceCodester School Fees Payment System version 1.0, specifically affecting the functionality associated with the file /manage_user.php. This vulnerability allows attackers to exploit the application by manipulating the 'id' argument, leading to unauthorized SQL queries being executed in the database. As this issue can be exploited remotely, it poses a significant risk to the application's data integrity and security. Organizations using this system should prioritize applying relevant patches and updates to mitigate potential exploitation. The vulnerability has been publicly disclosed, emphasizing the urgency for affected users to take immediate action to secure their systems.

References

https://vuldb.com/?id.272582

https://vuldb.com/?ctiid.272582

https://vuldb.com/?submit.380184

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 28, 2024