Description
A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /index2.php. The manipulation of the argument Password results in SQL injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Published: 2026-06-08
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A SQL injection vulnerability has been discovered in the SourceCodester Class and Exam Timetabling System. The flaw resides in an undisclosed function within /index2.php, where an attacker can manipulate the Password argument to inject arbitrary SQL statements. Successful exploitation can lead to unauthorized database access, allowing the attacker to read, modify, or delete sensitive data and potentially escalating to full database compromise.

Affected Systems

The vulnerability affects SourceCodester Class and Exam Timetabling System version 1.0. The product, originally distributed via SourceCodester, contains the faulty script at /index2.php. Users running this version are exposed unless a patch is applied.

Risk and Exploitability

The CVSS base score of 6.9 rates this issue as Medium severity, which remains a significant threat because the flaw is remotely exploitable. No EPSS score is available, but the public release of exploit code indicates a non-zero exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Attackers can trigger the flaw remotely by sending a crafted HTTP request to index2.php with a malicious Password value; no authentication is required per the available description, so the barrier to attack is low.

Generated by OpenCVE AI on June 8, 2026 at 02:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch or upgrade to a newer release of SourceCodester Class and Exam Timetabling System that resolves the SQL injection flaw.
  • Rewrite the vulnerable code to use parameterized queries or stored procedures for all database interactions, especially for the Password field in index2.php.
  • Implement strict input validation on the Password parameter, limiting allowed characters and length, and enforce authenticated access to index2.php to prevent unauthenticated exploitation.
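
One way to implement the parameterized-query and input-validation recommendations above, as an added example that is not SourceCodester's code or the actual contents of index2.php. The users table, its columns, the checkLogin function and the sample credentials are assumptions constructed for illustration; it needs PHP 8 with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the application's user table.
// Table name, column names and credentials are assumptions, not taken from the product.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$ins = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Vulnerable pattern (CWE-89), shown only as a comment: request values are
// concatenated into the SQL text, so the Password argument can change the query.
//   $sql = "SELECT * FROM users WHERE username='$user' AND password='$pass'";

// Hardened check (hypothetical helper): returns the user id, or null on failure.
function checkLogin(PDO $pdo, mixed $user, mixed $pass): ?int
{
    // Input validation: scalar strings only, bounded length.
    if (!is_string($user) || !is_string($pass)
        || $user === '' || strlen($user) > 64 || strlen($pass) > 128) {
        return null;
    }
    // Parameterized query: the username travels as a bound value, never as SQL text.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The password never reaches the SQL layer; it is compared to the stored hash.
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

var_dump(checkLogin($pdo, 'admin', 'correct horse')); // valid credentials
var_dump(checkLogin($pdo, 'admin', "pa'ss -- x"));     // SQL metacharacters stay data
var_dump(checkLogin($pdo, ['admin'], 'x'));             // non-string input is rejected
```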



Advisories

No advisories yet.

History

Mon, 08 Jun 2026 01:15:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /index2.php. The manipulation of the argument Password results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Title | | SourceCodester Class and Exam Timetabling System index2.php sql injection
First Time appeared | | Sourcecodester; Sourcecodester class And Exam Timetabling System
Weaknesses | | CWE-74; CWE-89
CPEs | | cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*
Vendors & Products | | Sourcecodester; Sourcecodester class And Exam Timetabling System
References | |
Metrics | |
  cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
  cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T00:15:08.877Z

Reserved: 2026-06-07T09:32:39.504Z

Link: CVE-2026-11471

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-08T01:16:22.600

Modified: 2026-06-08T01:16:22.600

Link: CVE-2026-11471

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T02:30:13Z

Weaknesses