CVE-2026-14770
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk19th percentile — higher than 19% of all known CVEs
Summary
A SQL injection vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0 in the /edit_room.php file. An attacker can remotely manipulate the ID argument, leading to SQL injection. The exploit is publicly available.
Risk Assessment
The risk involves the possibility of remote execution of unauthorized SQL queries, which could lead to data leakage, modification, or deletion in the system's database.
Recommendation
Immediately update the system to the latest version or apply a security patch. If not possible, restrict access to the /edit_room.php file and use parameterized SQL queries.
Original NVD description (English source)
A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_room.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

