Description
A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_class.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
Published: 2026-06-29
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lies in an unspecified function of edit_class.php in SourceCodester Class and Exam Timetabling System 1.0. The ID argument reaches a SQL query without proper neutralization (CWE-89), so a crafted value changes the statement the database executes; an attacker can read or modify data in the application database, limited by the privileges of the database account the application connects with. The published vectors rate the flaw as reachable over the network with no privileges and no user interaction (AV:N/PR:N/UI:N), with low confidentiality, integrity and availability impact and unchanged scope. Whether a foothold in the database can be turned into broader system compromise depends on the deployment (database account privileges, co-hosted services) and is not addressed by the record.

Affected Systems

SourceCodester Class and Exam Timetabling System version 1.0. The record names only the /edit_class.php endpoint and its ID argument; no other endpoints are listed. The published vectors rate the scope as unchanged (S:U in CVSS 3.x; SC:N/SI:N/SA:N in CVSS 4.0), so the scored impact is confined to the application's database. Whether the database user can reach the filesystem, the operating system or other services is deployment-specific and not covered by the record.

Risk and Exploitability

The CVSS 4.0 score of 6.9 rates the flaw Medium; the CVSS 3.0 and 3.1 vectors in the record score 7.3 (High) and the CVSS 2.0 vector 7.5. All of them rate the attack as network-reachable, low complexity, requiring no privileges and no user interaction (AV:N/AC:L/PR:N/UI:N), with exploit maturity at proof-of-concept (E:P, E:POC), consistent with the published exploit mentioned in the description. No EPSS score is available, and the CVE is not in CISA's KEV catalog, which means no exploitation in the wild has been recorded there, not that the published exploit is unusable. The attack consists of sending a crafted ID parameter to edit_class.php; since the vectors assume no authentication (PR:N), the only precondition is that the endpoint be reachable over the network.

Generated by OpenCVE AI on June 29, 2026 at 03:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Validate that the ID parameter of edit_class.php is a well-formed positive integer and pass it to the database through a prepared statement with a bound parameter instead of concatenating it into the SQL string
  • Require an authenticated administrator session before edit_class.php processes any request, checked before the ID parameter is read
  • Apply any available vendor patch or update to a fixed version

Generated by OpenCVE AI on June 29, 2026 at 03:20 UTC.
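The first two recommended actions, shown in code. This is an added illustration, not the vendor's edit_class.php (whose source is not on this page): the table and column names (classes, id, name, room, schedule), the PDO DSN and credentials, the $_SESSION['admin_id'] key and the function names are all assumptions. The unsafe function is included only to contrast the concatenation pattern that produces CWE-89 with the validated, parameterized form. Requires PHP 8 for the union and mixed types.

```php
<?php
declare(strict_types=1);

// Added illustration, not the project's own edit_class.php. Table and column
// names, the DSN, credentials and the session key are assumptions.

function connect(): PDO
{
    return new PDO('mysql:host=127.0.0.1;dbname=timetabling', 'app', 'secret', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // server-side prepares: bound values never become SQL text
    ]);
}

// Vulnerable pattern (assumed, shown for contrast): the raw request value is
// spliced into the statement, so ?id=1 OR 1=1 or ?id=0 UNION SELECT ... runs as SQL.
function loadClassUnsafe(PDO $pdo, string $rawId): array|false
{
    $sql = 'SELECT * FROM classes WHERE id = ' . $rawId;
    return $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// Hardened form, step 1: accept only a well-formed positive integer. Anything
// else (empty, "1 OR 1=1", "1; DROP TABLE ...") is rejected before any SQL exists.
function parseClassId(mixed $rawId): ?int
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Step 2: the statement text is fixed; the value travels as a bound parameter.
function loadClass(PDO $pdo, int $id): array|false
{
    $stmt = $pdo->prepare('SELECT id, name, room, schedule FROM classes WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// An edit page also writes; the same rule applies to every field, not just the ID.
function updateClass(PDO $pdo, int $id, string $name, string $room, string $schedule): int
{
    $stmt = $pdo->prepare(
        'UPDATE classes SET name = :name, room = :room, schedule = :schedule WHERE id = :id'
    );
    $stmt->execute([':name' => $name, ':room' => $room, ':schedule' => $schedule, ':id' => $id]);
    return $stmt->rowCount();
}

// Request handling order: authenticate, then validate, then touch the database.
session_start();
if (empty($_SESSION['admin_id'])) {          // assumed session key set at admin login
    http_response_code(403);
    exit('forbidden');
}

$id = parseClassId($_GET['id'] ?? null);
if ($id === null) {
    http_response_code(400);
    exit('invalid id');
}

$pdo = connect();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    updateClass(
        $pdo,
        $id,
        (string)($_POST['name'] ?? ''),
        (string)($_POST['room'] ?? ''),
        (string)($_POST['schedule'] ?? '')
    );
}

$class = loadClass($pdo, $id);
if ($class === false) {
    http_response_code(404);
    exit('no such class');
}
```

The integer check in parseClassId is defence in depth, not the fix itself: the prepared statement alone already prevents the injection, because with PDO::ATTR_EMULATE_PREPARES disabled the bound value is sent to the server separately from the statement text and is never parsed as SQL. The validation step additionally turns malformed input into a 400 instead of a database round trip, which is the response a web application firewall or log review would want to see for a request like ?id=1 OR 1=1.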

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 02:30:00 +0000

Type / Values Removed / Values Added (this change only added values; nothing was removed)

Description
    A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_class.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
Title
    SourceCodester Class and Exam Timetabling System edit_class.php sql injection
First Time appeared
    Sourcecodester
    Sourcecodester class And Exam Timetabling System
Weaknesses
    CWE-74
    CWE-89
CPEs
    cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*
Vendors & Products
    Sourcecodester
    Sourcecodester class And Exam Timetabling System
References
    (empty)
Metrics
    cvssV2_0  {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
    cvssV3_0  {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
    cvssV3_1  {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
    cvssV4_0  {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-29T02:15:08.654Z

Reserved: 2026-06-28T07:52:44.064Z

Link: CVE-2026-13526

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-29T03:30:05Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')