CVE-2026-14733
SourceCodester · Class and Exam Timetabling System
SourceCodester Class and Exam Timetabling System is vulnerable to injection attacks, specifically SQL injection, which could facilitate unauthorized database interaction.
Executive summary
An unauthenticated SQL injection vulnerability in the SourceCodester Class and Exam Timetabling System poses a significant risk to data confidentiality and application integrity.
Vulnerability
This application is vulnerable to CWE-89 (SQL Injection) and CWE-74 (Injection), which enable an unauthenticated remote attacker to execute arbitrary SQL commands against the database.
Business impact
Exploitation of this vulnerability enables attackers to bypass authentication or extract sensitive institutional information. With a CVSS score of 7.3, the potential for unauthorized data access is substantial. Compromise of this system could result in the loss of class, exam, and user data, necessitating costly remediation and potentially damaging the reputation of the hosting institution.
Remediation
Immediate Action: Check the SourceCodester portal for official security patches and apply them immediately to the affected environment.
Proactive Monitoring: Regularly audit application logs for unusual query activity that deviates from standard operational behavior.
Compensating Controls: Utilize a Web Application Firewall (WAF) to block common SQL injection payloads and monitor for anomalous traffic patterns directed at the application.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The presence of multiple injection vulnerabilities in this software indicates a need for a comprehensive security review. Organizations should apply the primary remediation (patching) as soon as it becomes available and maintain strict access controls to the server hosting this application in the interim.