SQL Injection Vulnerability in SourceCodester School Fees Payment System
CVE-2024-7168

8.8HIGH

Key Information:

Vendor
CVE Published:
28 July 2024

Summary

A serious security vulnerability has been identified in the SourceCodester School Fees Payment System version 1.0, specifically affecting the functionality associated with the file /manage_user.php. This vulnerability allows attackers to exploit the application by manipulating the 'id' argument, leading to unauthorized SQL queries being executed in the database. As this issue can be exploited remotely, it poses a significant risk to the application's data integrity and security. Organizations using this system should prioritize applying relevant patches and updates to mitigate potential exploitation. The vulnerability has been publicly disclosed, emphasizing the urgency for affected users to take immediate action to secure their systems.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.