CVE-2026-14733
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk18th percentile — higher than 18% of all known CVEs
Summary
A SQL injection vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0 in the file /edit_coursea.php. An attacker can remotely manipulate the ID argument, leading to SQL injection. The exploit is publicly available.
Risk Assessment
The risk includes unauthorized database access, leakage of sensitive data (e.g., schedules), and potential modification or deletion of system data.
Recommendation
Immediately update the system to the latest version or apply a security patch. If not possible, disable access to /edit_coursea.php or implement input filtering.
Original NVD description (English source)
A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. This issue affects some unknown processing of the file /edit_coursea.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.

