PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-14642 SourceCodester CVE debrief

A SQL injection vulnerability was identified in the Class and Exam Timetabling System 1.0. The vulnerability affects an unknown functionality of the /edit_class2.php file. The manipulation of the ID argument leads to SQL injection. The attack can be carried out remotely. The exploit is publicly available and might be used. The CVSS score for this vulnerability is 5.5, indicating a medium severity level.

Vendor
SourceCodester
Product
Class and Exam Timetabling System
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-04
Original CVE updated
2026-07-04
Advisory published
2026-07-04
Advisory updated
2026-07-04

Who should care

Administrators and users of the Class and Exam Timetabling System 1.0 should be aware of this vulnerability and take necessary actions to mitigate it. This vulnerability can be exploited remotely, and the exploit is publicly available. Therefore, it is essential to apply the necessary patches or fixes to prevent exploitation.

Technical summary

The vulnerability is caused by a lack of proper input validation in the /edit_class2.php file. The ID argument is not properly sanitized, allowing an attacker to inject malicious SQL code. This can lead to unauthorized access to sensitive data or disruption of service. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

Defensive priority

This vulnerability has a medium severity level, with a CVSS score of 5.5. It is essential to prioritize patching or mitigating this vulnerability to prevent exploitation.

Recommended defensive actions

  • Apply the necessary patches or fixes to the Class and Exam Timetabling System 1.0.
  • Implement input validation and sanitization for the ID argument in the /edit_class2.php file.
  • Monitor the system for suspicious activity and implement logging and auditing mechanisms.
  • Consider implementing a web application firewall (WAF) to detect and prevent SQL injection attacks.
  • Keep the system and its dependencies up-to-date with the latest security patches.

Evidence notes

The vulnerability was reported by an unknown vendor, and the CVE record was published on July 4, 2026. The NVD detail page provides additional information about the vulnerability, including the CVSS vector and weaknesses. The source item URL provides further information about the vulnerability and its impact.

Official resources

This article is AI-assisted and based on the supplied source corpus.