CVE Catalog

CVE-2026-14770

HighCVSS 7.3
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

19th percentile — higher than 19% of all known CVEs

Summary

A SQL injection vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0 in the /edit_room.php file. An attacker can remotely manipulate the ID argument, leading to SQL injection. The exploit is publicly available.

Risk Assessment

The risk involves the possibility of remote execution of unauthorized SQL queries, which could lead to data leakage, modification, or deletion in the system's database.

Recommendation

Immediately update the system to the latest version or apply a security patch. If not possible, restrict access to the /edit_room.php file and use parameterized SQL queries.

Original NVD description (English source)

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_room.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS