CVE Catalog

CVE-2026-14642

High · CVSS 7.3

Summary

A SQL injection vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0 in the /edit_class2.php file. Manipulation of the ID argument allows remote SQL injection. The exploit is publicly available.

Risk Assessment

An attacker can remotely read, modify, or delete database data, compromising the confidentiality and integrity of the system's data.

Recommendation

Immediately update the system to the latest version or apply a security patch. In the meantime, restrict access to /edit_class2.php and use parameterized SQL queries.

Original NVD description (English source)

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /edit_class2.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS