CVE-2026-14734
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk33th percentile — higher than 33% of all known CVEs
Summary
A SQL injection vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0 in the /edit_product.php file via the ID argument. The attack can be performed remotely and the exploit has been published.
Risk Assessment
The organization is at risk of unauthorized database access, data leakage, and potential system takeover.
Recommendation
Immediately apply a patch or update to the latest version, and implement input validation and sanitization in the /edit_product.php file.
Original NVD description (English source)
A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_product.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.

