Cross-Site Request Forgery Vulnerability in School Fees Payment System
CVE-2024-7169
8.8 HIGH
Summary
A vulnerability has been identified in SourceCodester School Fees Payment System version 1.0, affecting the ajax.php file. It allows cross-site request forgery (CSRF) attacks, enabling an attacker to execute unauthorized commands on behalf of an authenticated user. The attack can be launched remotely, which makes it particularly concerning for users of this system. Because the details of this vulnerability are publicly disclosed, users and administrators should review the system's security and implement any necessary patches or mitigations.
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published