6 matches found
CVE-2024-7164
CVE-2024-7164 affects SourceCodester School Fees Payment System v1.0. The vulnerability is an SQL injection in the /ajax.php?action=login endpoint, triggered by manipulating the username parameter. Exploitation is remote and has been publicly disclosed. Data confidentiality, integrity, and availa...
CVE-2024-7168
CVE-2024-7168 affects SourceCodester School Fees Payment System 1.0. The vulnerability is an SQL injection in the /manage_user.php file triggered by manipulating the id parameter, enabling remote access with high impact as described in multiple sources. The exploit has been disclosed publicly. No...
CVE-2024-7166
SourceCodester School Fees Payment System 1.0 contains a SQL injection in /receipt.php via the ef_id parameter. The vulnerability allows remote exploitation and is publicly disclosed. Affected component: the receipt.php handling logic; root cause: improper handling of ef_id leading to injection. ...
CVE-2024-7165
CVE-2024-7165 affects SourceCodester School Fees Payment System 1.0, via SQL injection in the /view_payment.php file caused by manipulating the ef_id parameter. The issue can be exploited remotely and an exploit has been disclosed publicly. Connected sources confirm the vulnerability details and ...
CVE-2024-7167
CVE-2024-7167 affects SourceCodester School Fees Payment System v1.0, with an SQL injection in the /manage_course.php file via the id parameter. The vulnerability is exploitable remotely and is described as critical; exploitation can lead to disclosure, modification, or damage of data due to inje...
CVE-2024-7169
CVE-2024-7169 affects SourceCodester School Fees Payment System 1.0. The vulnerability is a cross-site request forgery in the unknown part of the file /ajax.php that can be triggered remotely. Multiple connected sources confirm the issue and link it to the /ajax.php endpoint, with the exploit dis...