CVE-2026-14732
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk18th percentile — higher than 18% of all known CVEs
Summary
A SQL injection vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0 in the /edit_exam.php file via the ID argument. The attack can be performed remotely and the exploit has been publicly disclosed.
Risk Assessment
The organization is at risk of unauthorized database access, data leakage, and potential system compromise.
Recommendation
Immediately apply a patch or update to the latest version, and implement input validation and sanitization in the /edit_exam.php file.
Original NVD description (English source)
A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. This vulnerability affects unknown code of the file /edit_exam.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

