Description
A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. Executing a manipulation can lead to information exposure through error message. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
Published: 2026-05-26
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lies in the /index.php SQL handler of SourceCodester CET Automated Grading System with AI Predictive Analytics, where crafted input can trigger error messages that expose internal details. The record classifies it as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) combined with CWE-209 (Generation of Error Message Containing Sensitive Information). The description does not say what the messages contain, but it can be inferred that they reveal system or database information, so the impact is exposure of potentially sensitive data rather than direct code execution or disruption.

Affected Systems

The flaw affects SourceCodester CET Automated Grading System with AI Predictive Analytics version 1.0. The vulnerability is located in the /index.php file, which serves as the SQL handler for the application. Any instance of this product running that code path is potentially vulnerable if detailed error output is enabled. The record does not state that it is enabled, but it can be inferred that enabled error output would expose more information. The application is publicly available through SourceCodester's website.

Risk and Exploitability

The CVSS score of 5.3 denotes a medium-severity vulnerability. The EPSS score is currently not available, and the flaw is not listed in CISA's KEV catalog, implying no confirmed large-scale exploitation yet. However, a proof-of-concept exploit has been published, enabling remote attackers to trigger the vulnerable code path and retrieve the detailed error information. Because the attack vector is a remote web request, the risk remains significant for unprotected instances, and it can be inferred that enabling detailed error output would exacerbate the exposure. With no known patch at this time, the focus shifts to configuring the application to limit error exposure and monitoring the vendor for any remediation updates.

Generated by OpenCVE AI on May 26, 2026 at 23:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable detailed error reporting in the SQL handler so that errors do not reveal database information to users
  • Configure the PHP runtime to suppress all error messages that bubble to the browser, directing them only to secure log files
  • Apply any vendor‑released patch for CET Automated Grading System once it becomes available

Generated by OpenCVE AI on May 26, 2026 at 23:35 UTC.
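
The first two recommended actions, shown as an added example: this is not code from the CET Automated Grading System, and it is not part of the OpenCVE analysis. It assumes PDO with an in-memory SQLite database standing in for the real one; the table, column and function names are hypothetical.

```php
<?php
// Runtime settings for the second recommendation. php.ini equivalents:
// display_errors=Off, log_errors=On, error_log=<file outside the web root>.
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');

// Constructed database: "students" has no "grade" column, so the query fails.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // errors surface only as exceptions
]);
$pdo->exec('CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT)');

function fetchStudent(PDO $pdo, int $id): array
{
    $stmt = $pdo->prepare('SELECT name, grade FROM students WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Leaky pattern (CWE-209): the driver message, which names schema objects
// and the SQL dialect, is returned to the client.
function respondLeaky(PDO $pdo, int $id): string
{
    try {
        return json_encode(fetchStudent($pdo, $id));
    } catch (PDOException $e) {
        return 'Query failed: ' . $e->getMessage();
    }
}

// Hardened pattern: details go to the server log under a random reference;
// the client receives a generic message and that reference only.
function respondSafe(PDO $pdo, int $id): string
{
    try {
        return json_encode(fetchStudent($pdo, $id));
    } catch (PDOException $e) {
        $ref = bin2hex(random_bytes(4));
        error_log("[db-error $ref] " . $e->getMessage());
        http_response_code(500);
        return "An internal error occurred (ref $ref).";
    }
}

echo respondLeaky($pdo, 1), PHP_EOL; // contains the driver's error text
echo respondSafe($pdo, 1), PHP_EOL;  // generic message only
```

The reference in the generic message lets support staff find the matching log entry without the response carrying any database detail.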

Advisories

No advisories yet.

History

Thu, 28 May 2026 16:30:00 +0000

Values removed: none
Values added:
  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 26 May 2026 21:15:00 +0000

Values removed: none
Values added:
  • Description: A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. Executing a manipulation can lead to information exposure through error message. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
  • Title: SourceCodester CET Automated Grading System with AI Predictive Analytics SQL index.php information exposure
  • First Time appeared: Sourcecodester; Sourcecodester cet Automated Grading System With Ai Predictive Analytics
  • Weaknesses: CWE-200, CWE-209
  • CPEs: cpe:2.3:a:sourcecodester:cet_automated_grading_system_with_ai_predictive_analytics:*:*:*:*:*:*:*:*
  • Vendors & Products: Sourcecodester; Sourcecodester cet Automated Grading System With Ai Predictive Analytics
  • References
  • Metrics:
    cvssV2_0: {'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}
    cvssV3_0: {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}
    cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}
    cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-28T14:10:23.697Z

Reserved: 2026-05-26T12:53:04.055Z

Link: CVE-2026-9583

Vulnrichment

Updated: 2026-05-28T14:10:15.570Z

NVD

Status: Deferred

Published: 2026-05-26T21:16:45.667

Modified: 2026-06-17T11:05:31.160

Link: CVE-2026-9583

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T23:45:06Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor

  • CWE-209

    Generation of Error Message Containing Sensitive Information