CVE-2026-14732

SourceCodester · Class and Exam Timetabling System

The SourceCodester Class and Exam Timetabling System is vulnerable to SQL injection, which may allow unauthenticated attackers to manipulate database queries.

Executive summary

SourceCodester Class and Exam Timetabling System contains a critical SQL injection vulnerability that could lead to unauthorized data access or database manipulation.

Vulnerability

The application is susceptible to CWE-89 (SQL Injection) and CWE-74 (Injection), allowing an unauthenticated remote attacker to supply malicious input that alters back-end database queries.

Business impact

SQL injection vulnerabilities in educational management software can lead to the unauthorized disclosure of sensitive student and administrative data. The CVSS score of 7.3 reflects the high risk of data compromise. Unauthorized access to the underlying database can also lead to the integrity loss of scheduling information, resulting in significant operational downtime for academic institutions.

Remediation

Immediate Action: Review the SourceCodester vendor site for security updates or patches; if no patch is available, assess the necessity of taking the service offline.

Proactive Monitoring: Monitor database query logs for suspicious patterns, such as unexpected syntax or attempts to access administrative tables.

Compensating Controls: Deploy a Web Application Firewall (WAF) with SQL injection protection rules enabled to filter malicious inputs reaching the application.

Exploitation status

Public Exploit Available: false

Analyst recommendation

SQL injection is a well-understood but dangerous vulnerability class. Administrators should prioritize sanitizing all user-supplied input if custom code modifications are possible, or restrict network access to the application to trusted users only until a vendor-supplied patch is applied.