CVE-2024-7166 MEDIUM

CVE-2024-7166: SourceCodester School Fees Payment System receipt.php sql injection

Vendor Sourcecodester
Product School Fees Payment System
Weakness CWE-89 · SQLi
Published July 28, 2024
Last update August 1, 2024
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been classified as critical. Affected is an unknown function of the file /receipt.php. The manipulation of the argument ef_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272580.

Key dates

02Disclosure timeline

July 28, 2024 CVE published
August 1, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-62015 WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.6.8 - SQL Injection vulnerability CVE-2024-13193 SEMCMS Image Library Management Page SEMCMS_Images.php sql injection CVE-2021-24185 Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating CVE-2025-32603 WordPress WP Online Users Stats plugin <= 1.0.0 - SQL Injection vulnerability CVE-2023-1301 SourceCodester Friendly Island Pizza Website and Ordering System GET Parameter deleteorder.php sql injection