SQL Injection Vulnerability in SourceCodester School Fees Payment System
CVE-2024-7168
Summary
A serious security vulnerability has been identified in the SourceCodester School Fees Payment System version 1.0, specifically affecting the functionality associated with the file /manage_user.php. This vulnerability allows attackers to exploit the application by manipulating the 'id' argument, leading to unauthorized SQL queries being executed in the database. As this issue can be exploited remotely, it poses a significant risk to the application's data integrity and security. Organizations using this system should prioritize applying relevant patches and updates to mitigate potential exploitation. The vulnerability has been publicly disclosed, emphasizing the urgency for affected users to take immediate action to secure their systems.
References
CVSS V3.1
Timeline
Vulnerability published