CVE-2026-14734

SourceCodester · Class and Exam Timetabling System

A SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 allows unauthenticated remote attackers to execute arbitrary SQL commands.

Executive summary

An unauthenticated SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 creates a critical risk of database compromise and unauthorized data access.

Vulnerability

The application is susceptible to SQL injection (CWE-89) due to insufficient validation of user-supplied input. This flaw is remotely exploitable without authentication, allowing an attacker to interact directly with the underlying database.

Business impact

The ability to perform SQL injection allows an attacker to bypass authentication mechanisms, view sensitive timetabling and user data, or modify system records. Given the CVSS score of 7.3, this vulnerability threatens the integrity of administrative systems and could lead to unauthorized administrative access or data exfiltration.

Remediation

Immediate Action: Review the vendor's official support channels for security updates or patches for version 1.0. If an update is unavailable, evaluate the necessity of the system and isolate it from public-facing networks.

Proactive Monitoring: Continuously monitor web server and database logs for malicious SQL fragments or unusual traffic spikes that may indicate automated injection attempts.

Compensating Controls: Implement a Web Application Firewall (WAF) to inspect and block inputs containing SQL-specific characters. Ensure that the database user account permissions are restricted to the absolute minimum required for the application to function.

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability presents a clear risk to data security and system integrity. Administrators should treat this as a high-priority issue and apply any available vendor patches immediately, or implement strict network-level access controls to prevent external exploitation.