Impact
A classic SQL injection vulnerability exists in the Sourcecodester Online Thesis Archiving System v1.0, in the file /otas/view_archive.php. A request value that reaches the database query in that page is not neutralised before being placed in the SQL statement (CWE‑89, Improper Neutralization of Special Elements used in an SQL Command), so an attacker can inject arbitrary SQL. Depending on the privileges of the database account the application connects with, this can expose confidential thesis records and other tables, alter stored records, or delete data. Because the injection point is a publicly accessible web endpoint, anyone who can reach the application over the network and request view_archive.php can attempt to exploit it.
Affected Systems
The affected software is the Sourcecodester Online Thesis Archiving System, version 1.0. The CNA mapping lists no separate vendor name; the product appears to be a community‑developed PHP application used for storing academic theses. The only version information available is v1.0; no patch levels or fixed versions are disclosed.
Risk and Exploitability
The CVSS base score of 7.3 places the issue in the high severity band. Exploitation does not require any code execution on the host: the attack is carried out entirely through HTTP requests to /otas/view_archive.php with crafted parameter values, the standard web‑application SQL injection scenario. EPSS estimates a low probability of exploitation in the wild (<1%), and the issue is not listed in the CISA KEV catalog, but a low EPSS score is not a reason to leave a trivially reachable injection in place. Without mitigation, an attacker can read or modify the application's MySQL database within the privileges of the account the application uses; the standard remediation is to rebuild the query with prepared statements and bound parameters (PDO or mysqli) and to validate that numeric identifiers are integers before use.
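The injection pattern described above, as an added example written for this page rather than code from the Online Thesis Archiving System: `view_archive_vulnerable` reproduces the CWE‑89 construction (a request value spliced into the SQL text) and `view_archive_safe` shows the prepared‑statement fix. The parameter name `id`, the `archive` and `users` tables, and every row in them are assumptions constructed for the demo; the real schema behind view_archive.php is not published here. SQLite stands in for MySQL so the example runs offline.

```python
"""Added example: vulnerable query construction versus a parameterised query.

Illustrative code written for this page, not code from the Online Thesis
Archiving System. The request parameter `id`, the tables `archive` and
`users`, and all rows are assumptions constructed for the demo.
SQLite stands in for MySQL so the example runs offline.
"""
import sqlite3

# Constructed sample rows; not real data from any deployment.
ARCHIVE_ROWS = [
    (1, "Public thesis A", 1),
    (2, "Public thesis B", 1),
    (3, "Embargoed thesis C", 0),
]
USER_ROWS = [(1, "admin", "hunter2-hash")]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with the assumed schema and sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE archive (id INTEGER PRIMARY KEY, title TEXT, is_public INTEGER)"
    )
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO archive VALUES (?, ?, ?)", ARCHIVE_ROWS)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USER_ROWS)
    return conn


def view_archive_vulnerable(conn: sqlite3.Connection, id_param: str) -> list:
    """CWE-89 pattern: the request value is spliced straight into the SQL text.

    Equivalent to PHP of the form
        "SELECT ... WHERE id = '" . $_GET['id'] . "' AND is_public = 1"
    The attacker controls part of the statement, not just a value.
    """
    sql = (
        "SELECT id, title FROM archive "
        f"WHERE id = '{id_param}' AND is_public = 1"
    )
    return conn.execute(sql).fetchall()


def view_archive_safe(conn: sqlite3.Connection, id_param: str) -> list:
    """Hardened form: validate the type, then bind the value as a parameter.

    The `?` placeholder makes the driver pass the value as data, so it can
    never alter the structure of the statement. Casting to int first is a
    second layer for a key that must be numeric.
    """
    try:
        thesis_id = int(id_param)
    except ValueError:
        return []
    return conn.execute(
        "SELECT id, title FROM archive WHERE id = ? AND is_public = 1",
        (thesis_id,),
    ).fetchall()


# Two payloads of the kind that would arrive as the `id` query parameter.
BYPASS_PAYLOAD = "1' OR 1=1 -- "  # comments out the is_public filter
UNION_PAYLOAD = "' UNION SELECT id, password FROM users -- "  # reads another table


if __name__ == "__main__":
    db = make_db()
    print("normal       :", view_archive_vulnerable(db, "1"))
    print("bypass       :", view_archive_vulnerable(db, BYPASS_PAYLOAD))
    print("union        :", view_archive_vulnerable(db, UNION_PAYLOAD))
    print("safe, bypass :", view_archive_safe(db, BYPASS_PAYLOAD))
```

Running the module shows the two most common ways such a flaw is turned into impact: the `-- ` comment payload discards the `is_public` restriction and returns the embargoed record, and the `UNION` payload pulls rows out of an unrelated table through the same endpoint. The parameterised function returns only the requested public record and nothing for either payload; the PHP equivalent is a PDO or mysqli prepared statement with the identifier bound as a parameter.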
OpenCVE Enrichment