CVE-2026-14642
High, CVSS 7.3
Summary
A SQL injection vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0 in the /edit_class2.php file. Manipulation of the ID argument allows remote SQL injection. The exploit is publicly available.
Risk Assessment
An attacker can remotely read, modify, or delete database data, compromising the confidentiality and integrity of the system's data.
Recommendation
Immediately update the system to the latest version or apply a security patch. In the meantime, restrict access to /edit_class2.php and use parameterized SQL queries.
Original NVD description (English source)
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /edit_class2.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

