Back to overview

CVE-2026-14771

HIGH Exploitation: PoC
7.3
CVSS 3.1
Description
A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The affected element is an unknown function of the file /edit_exam1.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.

Metadata

CVE ID
CVE-2026-14771
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-05 04:01 UTC
Published
2026-07-05 21:30 UTC
Last updated
2026-07-06 13:03 UTC
Primary CWE
CWE-89
SQL Injection
Vendor / Product
SourceCodester / Class and Exam Timetabling System
Sources
cve.org  ·  NVD

Severity & Metrics

7.3 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
SSVC — CISA Coordinator
Exploitation
PoC
Automatable
yes
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
SourceCodester Class and Exam Timetabling System 1.0, 1.php
Weakness (CWE)
CWESourceDescription
CWE-74 cna Injection
CWE-89 cna SQL Injection
CVSS scores (4)
ScoreSeverityVersionSourceVector
7.5 N/D 2.0 cna AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
7.3 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
7.3 HIGH 3.0 cna CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
6.9 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
References (6)
Back to overview