CVE-2026-11471
HighCVSS 7.3Summary
A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. Manipulation of the 'Password' argument in the /index2.php file leads to SQL injection, allowing for remote attack.
Risk Assessment
This vulnerability poses a serious risk to organizations as it allows remote attackers to access the database through malicious SQL queries.
Recommendation
It is recommended to immediately update the system to the latest version and implement appropriate security measures to minimize the risk of attack.
Original NVD description (English source)
A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /index2.php. The manipulation of the argument Password results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.

