Online School Fees System is an online tuition system. A SQL injection vulnerability exists in Online School Fees System v1.0, which originates from a lack of validation of the parameter name_startsWith in the file ajx.php in the component GET Parameter Handler against an externally entered SQL statement. An attacker can exploit this vulnerability to execute illegal SQL commands to steal sensitive database data.