Description
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /archive5.php. The manipulation of the argument sy leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
Published: 2026-06-08
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in an unspecified function of archive5.php, where the argument sy is not properly sanitized, allowing SQL injection. This flaw can enable a remote attacker to manipulate the application’s SQL queries, potentially reading, modifying, or deleting data stored in the underlying database. The weakness corresponds to CWE-74 (URL Parameter Manipulation) and CWE-89 (SQL Injection), both of which directly threaten data confidentiality and integrity.

Affected Systems

The affected system is the SourceCodester Class and Exam Timetabling System, version 1.0, as supplied by SourceCodester. No additional versions are listed as impacted by this report.

Risk and Exploitability

The vulnerability carries a CVSS score of 6.9, indicating a moderate risk level. An EPSS score is not available, so the exact exploitation probability is unknown, but the public availability of the exploit suggests that attackers could realistically target vulnerable instances. The flaw is not currently listed in CISA’s KEV catalog, but the ability to inject SQL remotely without authentication remains a serious concern.

Generated by OpenCVE AI on June 8, 2026 at 04:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑issued patch for SourceCodester Class and Exam Timetabling System 1.0 once it becomes available.
  • Refactor the code that handles the sy parameter to use prepared statements or parameterized queries, ensuring that user input cannot alter the structure of SQL commands.
  • Configure the database user that the application uses to have the least privileges needed by the application, so that even if injection succeeds, the damage is limited.


Advisories

No advisories yet.

History

Mon, 08 Jun 2026 03:15:00 +0000

Values Removed: none listed

Values Added:

  • Description: A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /archive5.php. The manipulation of the argument sy leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
  • Title: SourceCodester Class and Exam Timetabling System archive5.php sql injection
  • First Time appeared: Sourcecodester; Sourcecodester class And Exam Timetabling System
  • Weaknesses: CWE-74, CWE-89
  • CPEs: cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*
  • Vendors & Products: Sourcecodester; Sourcecodester class And Exam Timetabling System
  • References:
  • Metrics:
      cvssV2_0: score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
      cvssV3_0: score 7.3, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
      cvssV3_1: score 7.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
      cvssV4_0: score 6.9, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T03:00:16.256Z

Reserved: 2026-06-07T10:02:51.676Z

Link: CVE-2026-11482

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-08T03:16:20.687

Modified: 2026-06-08T03:16:20.687

Link: CVE-2026-11482

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T04:30:15Z

Weaknesses