CVE-2026-14733

SourceCodester · Class and Exam Timetabling System

SourceCodester Class and Exam Timetabling System is vulnerable to injection attacks, specifically SQL injection, which could facilitate unauthorized database interaction.

Executive summary

An unauthenticated SQL injection vulnerability in the SourceCodester Class and Exam Timetabling System poses a significant risk to data confidentiality and application integrity.

Vulnerability

This application is vulnerable to CWE-89 (SQL Injection) and CWE-74 (Injection), which enable an unauthenticated remote attacker to execute arbitrary SQL commands against the database.

Business impact

Exploitation of this vulnerability enables attackers to bypass authentication or extract sensitive institutional information. With a CVSS score of 7.3, the potential for unauthorized data access is substantial. Compromise of this system could result in the loss of class, exam, and user data, necessitating costly remediation and potentially damaging the reputation of the hosting institution.

Remediation

Immediate Action: Check the SourceCodester portal for official security patches and apply them immediately to the affected environment.

Proactive Monitoring: Regularly audit application logs for unusual query activity that deviates from standard operational behavior.

Compensating Controls: Utilize a Web Application Firewall (WAF) to block common SQL injection payloads and monitor for anomalous traffic patterns directed at the application.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The presence of multiple injection vulnerabilities in this software indicates a need for a comprehensive security review. Organizations should apply the primary remediation (patching) as soon as it becomes available and maintain strict access controls to the server hosting this application in the interim.