Vulnerability CVE-2024-7166


Published: 2024-07-28

Description:
A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been classified as critical. Affected is an unknown function of the file /receipt.php. The manipulation of the argument ef_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272580.

Type:

CWE-89

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

 References:
https://vuldb.com/?id.272580
https://vuldb.com/?ctiid.272580
https://vuldb.com/?submit.380180
https://gist.github.com/topsky979/8ab4ff5ffb2a555694931d14329f5a5d

Copyright 2026, cxsecurity.com

 

Back to Top