PT-2026-55725 · Sourcecodester · Class/Exam Timetabling System

Jingyuan Sun +1 · Published 2026-07-04 · Updated 2026-07-04 · CVE-2026-14642

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SourceCodester Class and Exam Timetabling System version 1.0

Description

Remote SQL injection is possible due to improper handling of the ID argument within the /edit class2.php endpoint. SQL injection is a technique where an attacker inserts malicious SQL code into a query, allowing them to manipulate the database.

Recommendations

Update SourceCodester Class and Exam Timetabling System version 1.0 to a version that addresses this issue. As a temporary workaround, restrict access to the /edit class2.php file to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Special Elements Injection


Weakness Enumeration

Related Identifiers

CVE-2026-14642

Affected Products

Class/Exam Timetabling System