CVE-2026-14641 in Class and Exam Timetabling System

Summary

by MITRE • 07/04/2026

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown function of the file /edit_course.php. Manipulation of the argument ID can lead to SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be used.


Analysis

by VulDB Data Team • 07/05/2026

This vulnerability exists within the SourceCodester Class and Exam Timetabling System version 1.0 where an SQL injection flaw has been identified in the /edit_course.php file. The vulnerability stems from inadequate input validation and sanitization of the ID parameter, allowing malicious actors to manipulate database queries through crafted input values. This represents a critical security weakness that directly violates the principles of secure coding practices and demonstrates poor defense-in-depth strategies.

The technical exploitation occurs when an attacker manipulates the ID argument passed to the edit_course.php script, enabling them to inject malicious SQL commands into the backend database query execution. This type of vulnerability falls under CWE-89 which specifically addresses SQL injection flaws where untrusted data is incorporated into SQL queries without proper sanitization or parameterization. The remote execution capability means attackers do not require physical access to the system and can exploit this through web-based interfaces, making it particularly dangerous for web applications.

The operational impact of this vulnerability extends beyond simple data theft as it provides attackers with potential full database compromise capabilities including unauthorized data modification, deletion, or extraction of sensitive information. The disclosure of exploitation methods increases the risk profile significantly since it enables automated attack tools to leverage this weakness without requiring advanced technical knowledge. This vulnerability directly maps to ATT&CK technique T1190 which describes the use of vulnerabilities in web applications to gain unauthorized access and execute malicious code.

Organizations should immediately switch the affected query to parameterized queries and prepared statements, backed by input validation of the ID parameter, to prevent SQL injection attacks. The system requires patching of the vulnerable script and implementation of proper input handling throughout. Additionally, deploying a web application firewall and conducting regular security assessments can help detect and mitigate similar vulnerabilities before they are exploited. The vulnerability underscores the importance of following secure coding standards and conducting thorough code reviews so that such critical flaws do not reach production environments.
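The following is an added example, not code from the SourceCodester project: it contrasts the CWE-89 pattern the analysis describes (the ID argument concatenated into the query text) with the parameterized form recommended above. The file name and the ID parameter come from the advisory; the table and column names and the connection details are assumptions.

```php
<?php
// Added illustration (not the project's code). Table "courses" and its
// columns are assumed; only edit_course.php and the "ID" argument are from
// the advisory.

// Pattern described in the analysis (CWE-89): the ID value becomes part of
// the SQL text, so whoever controls ID also controls the query structure.
function loadCourseUnsafe(mysqli $db, string $id): ?array
{
    $sql = "SELECT * FROM courses WHERE id = '" . $id . "'";
    $result = $db->query($sql);
    return $result ? ($result->fetch_assoc() ?: null) : null;
}

// Hardened form: the ID is validated as a numeric identifier up front and
// then bound as a typed parameter, so it is never parsed as SQL.
function loadCourseSafe(mysqli $db, string $id): ?array
{
    if (!ctype_digit($id)) {
        // Reject anything that is not a plain positive integer.
        http_response_code(400);
        return null;
    }
    $idInt = (int) $id;
    $stmt = $db->prepare("SELECT id, name, lecturer FROM courses WHERE id = ?");
    $stmt->bind_param('i', $idInt);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// How edit_course.php would call the safe version (credentials assumed).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'app_user', 'app_password', 'timetable');
$course = loadCourseSafe($db, $_GET['ID'] ?? '');
if ($course === null) {
    exit('Course not found');
}
```

The same prepared-statement approach applies to the UPDATE that edit_course.php issues when the form is submitted; every value taken from the request is bound rather than concatenated.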

Responsible: VulDB

Disclosure: 07/04/2026

Moderation: accepted

CPE: ready

EPSS: 0.00000

KEV: no

Activities: low
