Description
A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive2.php. Such manipulation of the argument sy leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Published: 2026-06-08
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw resides in an unnamed function in archive2.php: the sy argument is inserted directly into SQL statements, so crafted input can alter the query. This is a classic SQL injection that can be exploited remotely to read, modify or delete data in the database, potentially compromising the confidentiality and integrity of the system's information. The reported CWE identifiers (CWE-74 and CWE-89) confirm that the issue stems from unvalidated input being used in a database context.

Affected Systems

SourceCodester Class and Exam Timetabling System version 1.0 is the sole affected product listed in the CNA data. No other versions are mentioned, so any deployment of this exact release is considered vulnerable.

Risk and Exploitability

The CVSS 4.0 score of 6.9 places this issue in the Medium severity band. No EPSS score is reported, and the vulnerability is not in the CISA KEV catalog, which suggests that while the flaw is known, widespread exploitation has not been observed yet. Nonetheless, the attack vector is remote and the vulnerability is publicly disclosed, so an attacker could send crafted input to gain unauthorized database access. Proper access controls and database isolation would limit the potential damage but do not eliminate the flaw.

Generated by OpenCVE AI on June 8, 2026 at 06:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the system to a patched version provided by SourceCodester, if available.
  • If no patch exists, block all remote access to archive2.php or restrict it to trusted administrators through firewall or web server configuration.
  • Implement input validation or use prepared statements for the ‘sy’ parameter to prevent SQL injection.
  • Review database permissions to ensure the application operates with the least privilege necessary, limiting the impact of any potential injection.



Advisories

No advisories yet.

History

Mon, 08 Jun 2026 05:00:00 +0000

Values added in this change (the Values Removed column is empty):

  • Description: A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive2.php. Such manipulation of the argument sy leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
  • Title: SourceCodester Class and Exam Timetabling System archive2.php sql injection
  • First Time appeared: Sourcecodester; Sourcecodester class And Exam Timetabling System
  • Weaknesses: CWE-74, CWE-89
  • CPEs: cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*
  • Vendors & Products: Sourcecodester; Sourcecodester class And Exam Timetabling System
  • References:
  • Metrics:
      cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
      cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T03:45:10.273Z

Reserved: 2026-06-07T10:02:59.262Z

Link: CVE-2026-11485

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-08T05:16:29.517

Modified: 2026-06-08T05:16:29.517

Link: CVE-2026-11485

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T07:30:18Z

Weaknesses