Description
A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_course.php. Executing a manipulation of the argument ID can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Published: 2026-07-04
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An input parameter named ID in edit_course.php is not properly sanitized, allowing an attacker to inject arbitrary SQL statements. This flaw is reflected in the CWE‑74 and CWE‑89 identifiers. An attacker who successfully exploits the injection can read, modify, or delete data stored in the application’s database, potentially compromising confidential educational records and disrupting the timetabling service.

Affected Systems

The vulnerable functionality is present in SourceCodester’s Class and Exam Timetabling System, version 1.0. The affected functionality within /edit_course.php is not specified, and the only publicly referenced product and version is the 1.0 release of that system.

Risk and Exploitability

The CVSS 4.0 score of 6.9 sits at the top of the Medium band, while the CVSS 3.x vectors for the same issue score 7.3 (High), so the vulnerability falls in the medium-to-high severity range. No EPSS data is available, and the item is not listed in the CISA KEV catalog, but the public disclosure and the fact that the attack can be carried out remotely suggest that exploitation is plausible. The attack can be performed over the network against any instance that accepts input for the ID parameter and is not protected by additional network isolation.

Generated by OpenCVE AI on July 4, 2026 at 23:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s official patch or upgrade to a later, non-vulnerable version of the application once one is available
  • Refactor the edit_course.php code to use prepared statements or parameterized queries for all database interactions involving the ID parameter
  • Limit the permissions of the database user that the application uses, granting only the minimum privileges required for normal operation, and monitor the logs for anomalous query activity



Advisories

No advisories yet.

History

Sat, 04 Jul 2026 18:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_course.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Title SourceCodester Class and Exam Timetabling System edit_course.php sql injection
First Time appeared Sourcecodester
Sourcecodester class And Exam Timetabling System
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*
Vendors & Products Sourcecodester
Sourcecodester class And Exam Timetabling System
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-07-04T18:30:09.105Z

Reserved: 2026-07-03T17:44:12.476Z

Link: CVE-2026-14641

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-05T00:00:16Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')