Description
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /edit_class2.php. The manipulation of the argument ID leads to SQL injection. The attack can be carried out remotely. The exploit is publicly available and might be used.
Published: 2026-07-04
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the edit_class2.php file of the SourceCodester Class and Exam Timetabling System allows an attacker to manipulate the ID parameter and inject arbitrary SQL statements. The injection can be performed remotely through a crafted web request. By exploiting this vulnerability, an attacker could read, modify, or delete data in the database, potentially compromising the confidentiality, integrity, and availability of the system’s information.

Affected Systems

SourceCodester Class and Exam Timetabling System version 1.0 is affected.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, and the vulnerability is not listed in the CISA KEV catalog. With publicly available exploit code, the risk of exploitation is real. Attackers can trigger the vulnerability via a web request to edit_class2.php, using a manipulated ID value to execute arbitrary SQL commands. The likely attack vector is remote web access to the vulnerable endpoint.

Generated by OpenCVE AI on July 5, 2026 at 07:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Class and Exam Timetabling System to the latest released version that addresses the SQL injection flaw.
  • Refactor the edit_class2.php code to use parameterized queries or stored procedures so that the ID value cannot alter the SQL command structure.
  • Configure the database user with the least privileges necessary, limiting the scope of damage if an injection still occurs.



Advisories

No advisories yet.

History

Sat, 04 Jul 2026 19:15:00 +0000

Type Values Removed Values Added
Description: A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /edit_class2.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
Title: SourceCodester Class and Exam Timetabling System edit_class2.php sql injection
First Time appeared: Sourcecodester; Sourcecodester class And Exam Timetabling System
Weaknesses: CWE-74, CWE-89
CPEs: cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*
Vendors & Products: Sourcecodester; Sourcecodester class And Exam Timetabling System
References
Metrics:

cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-07-04T18:45:08.326Z

Reserved: 2026-07-03T17:44:14.879Z

Link: CVE-2026-14642

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-05T08:00:12Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')