PT-2026-55725 · Sourcecodester · Class/Exam Timetabling System
Jingyuan Sun +1 · Published 2026-07-04 · Updated 2026-07-04 · CVE-2026-14642
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
SourceCodester Class and Exam Timetabling System version 1.0
Description
Remote SQL injection is possible due to improper handling of the ID argument within the /edit class2.php endpoint. SQL injection is a technique where an attacker inserts malicious SQL code into a query, allowing them to manipulate the database.
Recommendations
Update SourceCodester Class and Exam Timetabling System version 1.0 to a version that addresses this issue.
As a temporary workaround, restrict access to the /edit class2.php file to minimize the risk of exploitation.
Exploit
Fix
SQL injection
Special Elements Injection
Related Identifiers
Affected Products
Class/Exam Timetabling System