CVE Catalog

CVE-2026-14734

HighCVSS 7.3
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.41%

33th percentile — higher than 33% of all known CVEs

Summary

A SQL injection vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0 in the /edit_product.php file via the ID argument. The attack can be performed remotely and the exploit has been published.

Risk Assessment

The organization is at risk of unauthorized database access, data leakage, and potential system takeover.

Recommendation

Immediately apply a patch or update to the latest version, and implement input validation and sanitization in the /edit_product.php file.

Original NVD description (English source)

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_product.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS