Impact
The vulnerability in SourceCodester Class and Exam Timetabling System's edit_class1.php allows an attacker to manipulate the ID parameter and inject arbitrary SQL into the query that script builds, enabling unauthorized database reads, data modification, or exfiltration. This SQL injection flaw (CWE-74 and CWE-89) is exploitable remotely and can lead to loss of confidentiality, integrity, and availability of the timetabling data.
Affected Systems
The flaw affects the 1.0 release of SourceCodester Class and Exam Timetabling System, specifically the edit_class1.php script. The affected product is listed under the SourceCodester vendor for the class_and_exam_timetabling_system application (CPE: cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*).
Risk and Exploitability
The CVSS score of 6.9 corresponds to medium severity. No EPSS score is available, but the vulnerability is publicly disclosed and, according to the advisory, can be exploited remotely without authentication. It is not currently listed in CISA's KEV catalog, so there is no confirmation of in-the-wild exploitation yet; given the public disclosure, however, the priority should still be applying any vendor fix or, failing that, mitigating controls (parameterized queries and strict validation of the ID parameter).
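As an added illustration that is not code from the SourceCodester project or from this advisory, the following hypothetical PHP sketch shows the injection pattern described under Impact beside a parameterized rewrite of the kind the mitigation above calls for. The table name `class`, the `id` column, the connection credentials and the function names are assumptions; the real edit_class1.php source is not reproduced here.

```php
<?php
// Hypothetical sketch only: assumed table "class", assumed column "id",
// assumed credentials. Not the actual edit_class1.php source.
$conn = new mysqli('localhost', 'user', 'pass', 'timetabling');

// VULNERABLE pattern: the request parameter is spliced into the SQL text, so
// ?id=1 OR 1=1 returns every row and ?id=1' UNION SELECT ... can read other
// tables. The database cannot tell attacker-supplied SQL from the developer's.
function load_class_vulnerable(mysqli $conn, string $id): ?array
{
    $sql = "SELECT * FROM class WHERE id = '$id'";
    $result = $conn->query($sql);
    return $result ? ($result->fetch_assoc() ?: null) : null;
}

// HARDENED version: the query text is fixed before any user data reaches the
// server, and the id is bound as an integer, so it can only ever be a value.
function load_class_safe(mysqli $conn, string $id): ?array
{
    // Reject anything that is not a plain non-negative integer up front.
    if (!ctype_digit($id)) {
        http_response_code(400);
        return null;
    }
    $idInt = (int) $id;
    $stmt = $conn->prepare('SELECT * FROM class WHERE id = ?');
    $stmt->bind_param('i', $idInt);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Request handling: only the hardened path is wired up.
$row = load_class_safe($conn, (string) ($_GET['id'] ?? ''));
if ($row === null) {
    http_response_code(404);
    exit('class not found');
}
```

The `ctype_digit` check is a defence-in-depth layer: the prepared statement alone already neutralizes the injection, but rejecting malformed IDs early also keeps probing requests (such as `id=1 OR 1=1`) out of the application logs as 400 responses rather than 200s, which makes scanning for this flaw easier to detect.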
OpenCVE Enrichment