Impact
A flaw in the edit_class2.php file of the SourceCodester Class and Exam Timetabling System allows an attacker to manipulate the ID parameter and inject arbitrary SQL statements. The injection can be performed remotely through a crafted web request. By exploiting this vulnerability, an attacker could read, modify, or delete data in the database, potentially compromising the confidentiality, integrity, and availability of the system’s information.
Affected Systems
SourceCodester Class and Exam Timetabling System version 1.0 is affected.
Risk and Exploitability
The CVSS score of 6.9 indicates moderate severity, and the vulnerability is not listed in the CISA KEV catalog. Because exploit code is publicly available, exploitation is realistic. Attackers can trigger the vulnerability with a web request to edit_class2.php that carries a manipulated ID value, causing arbitrary SQL commands to execute. The likely attack vector is remote web access to the vulnerable endpoint.
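As an added illustration, not code from the SourceCodester project (its real edit_class2.php is not reproduced here), the following hypothetical PHP handler shows the kind of pattern the advisory describes, where the ID value is concatenated into the query, next to a hardened version that validates the ID as an integer and binds it as a prepared-statement parameter; the table and column names are assumptions.

```php
<?php
// Added illustration; hypothetical code, not the project's own edit_class2.php.
// Assumed schema: a table "class" with an integer primary key "id".

// Injectable pattern: the request value becomes part of the SQL text,
// so whatever the client sends can change the structure of the query.
function fetch_class_vulnerable(mysqli $db, array $request): ?array
{
    $id = $request['id'] ?? '';
    $sql = "SELECT * FROM class WHERE id = '" . $id . "'";
    $res = $db->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// Hardened pattern: reject anything that is not an integer up front, then
// pass the value as a bound parameter so it is never interpreted as SQL.
function fetch_class_safe(mysqli $db, array $request): ?array
{
    // filter_var returns false for missing, empty or non-integer input.
    $id = filter_var($request['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        http_response_code(400);
        return null;
    }

    $stmt = $db->prepare("SELECT * FROM class WHERE id = ?");
    $stmt->bind_param('i', $id);   // 'i' binds the value as an integer
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // requires mysqlnd
    $stmt->close();
    return $row ?: null;
}
```

Applying the same validate-then-bind rule to every request parameter that reaches a query, not only this one, is what closes the class of flaw rather than the single endpoint.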
OpenCVE Enrichment