PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-16152 SourceCodester CVE debrief

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. The affected component is an unknown function of the file /edit_rooma.php. A manipulation of the argument ID results in SQL injection. The attack is possible to be carried out remotely. This vulnerability has a medium severity with a CVSS score of 5.5, indicating a moderate risk to affected systems.

Vendor
SourceCodester
Product
Class and Exam Timetabling System
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-18
Original CVE updated
2026-07-18
Advisory published
2026-07-18
Advisory updated
2026-07-18

Who should care

Users of SourceCodester Class and Exam Timetabling System 1.0 should apply patches or mitigations to prevent exploitation of this SQL injection vulnerability. System administrators and security teams responsible for managing and securing this system should prioritize patching or implementing compensating controls to mitigate the risk of exploitation.

Technical summary

The vulnerability exists in the /edit_rooma.php file of SourceCodester Class and Exam Timetabling System 1.0. An unknown function in this file allows for SQL injection via the ID argument. This could allow remote attackers to manipulate the database, potentially leading to unauthorized data access or modifications. The vulnerability has a CVSS score of 5.5, categorizing it as a medium severity issue.

Defensive priority

Medium priority due to the CVSS score of 5.5 and the potential for remote exploitation.

Recommended defensive actions

  • Apply patches or updates provided by the vendor to fix the SQL injection vulnerability.
  • Implement input validation and sanitization for user-supplied data.
  • Use prepared statements with parameterized queries to prevent SQL injection.
  • Monitor the system for suspicious activity and implement logging and auditing.
  • Consider using a web application firewall to detect and prevent attacks.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The CVE record was published on 2026-07-18T21:17:03.180Z and has not been modified since then. The NVD entry is currently in the 'Received' status. Limited details are available about the vulnerability, and no official patches or workarounds have been provided. The information provided is based on the CVE record and NVD entry, which may not be comprehensive or up-to-date.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-18T21:17:03.180Z and has not been modified since then. The NVD entry is currently in the 'Received' status.