CVE-2026-11471
SourceCodester · Class and Exam Timetabling System
A SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 allows remote attackers to compromise the database via the 'Password' argument in index2.php.
Executive summary
SourceCodester Class and Exam Timetabling System 1.0 is vulnerable to SQL injection reachable over the network, which can expose or alter the contents of the application database.
Vulnerability
The flaw is in index2.php: the value of the 'Password' parameter is placed into a SQL query without being bound as a parameter, so the database cannot tell input from query text. Remote attackers need no account. SQL syntax in the password field can turn the authentication check into a tautology (login without a valid password) or, with constructs such as UNION, return data from other rows and tables.
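To make the mechanism concrete, here is an added example, not code from this advisory or from the SourceCodester project, that reproduces the pattern in Python against an in-memory SQLite table (the real application is PHP; the table, the accounts and the exact query text are assumptions). vulnerable_login builds the query by string formatting the way an injectable index2.php would; safe_login passes the same values as bound parameters. The two payloads show the two outcomes named above: a tautology that logs in without the password, and a UNION that reads another user's stored password.

```python
import sqlite3

# Constructed demo data: this table and these rows are an assumption for the
# example, not the schema of the real application. Passwords are stored in
# clear text only to keep the demo short.
USERS = [("admin", "S3cret!"), ("staff", "timetable2024")]


def make_db():
    """Create an in-memory SQLite database holding the demo users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def vulnerable_login(conn, username, password):
    """Injectable: both inputs are pasted straight into the SQL text.

    Returns the first username the query matches, or None. This is the
    pattern the advisory describes, reproduced deliberately.
    """
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def safe_login(conn, username, password):
    """Hardened: placeholders keep the inputs out of the query text."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Payload 1: closes the password literal and appends an always-true clause,
# so the WHERE becomes  ... AND password = '' OR '1'='1'
BYPASS = "' OR '1'='1"

# Payload 2: closes the literal and unions in a SELECT of another column, so
# the query returns the admin's stored password instead of a username. The
# trailing quote in the original query template closes the injected string.
EXFIL = "' UNION SELECT password FROM users WHERE username='admin"


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, tautology:", vulnerable_login(conn, "admin", BYPASS))
    print("vulnerable, union:    ", vulnerable_login(conn, "nobody", EXFIL))
    print("safe, tautology:      ", safe_login(conn, "admin", BYPASS))
    print("safe, real password:  ", safe_login(conn, "admin", "S3cret!"))
```

With bound parameters the same payloads are compared literally against the stored password and match nothing; no escaping or blocklisting of the input is involved, which is why parameterization rather than sanitization is the fix.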
Business impact
SQL injection lets an attacker bypass the login, read database contents (including stored credentials) and modify or delete application data. The CVSS score of 7.3 (High) reflects the risk to the confidentiality and integrity of the data the system manages.
Remediation
Immediate Action: Update to a fixed release if the vendor provides one. If none is available, change index2.php so the 'Password' value (and every other user-supplied value) is passed to the database as a bound parameter of a prepared statement, for example with mysqli or PDO placeholders. Input "sanitization" by escaping or blocklisting is not a substitute: it is easy to get wrong and leaves the string-built query in place.
Proactive Monitoring: Review database query logs (the general query log, where the engine provides one) and web server logs for SQL fragments that a login query should never contain: tautologies such as OR '1'='1', UNION SELECT, comment terminators (-- , #, /*) and time-delay functions. Any of these in a query built from the 'Password' field is an injection attempt.
Compensating Controls: Put a WAF in front of the application to block common SQL injection patterns, and restrict who can reach the login page at the network level. Treat the WAF as a stopgap only; pattern rules can be evaded with encoding and obfuscation, so they reduce exposure but do not remove the vulnerability.
Exploitation status
Public Exploit Available: true
Analyst recommendation
SQL injection of this kind is a high-severity risk that can end in complete compromise of the application database, and a public exploit exists. Organizations running this software should restrict who can reach the application until it is fixed, replace string-built queries with parameterized ones as a priority, and check their logs for the indicators listed under Proactive Monitoring.