CVE-2026-14771: SourceCodester Class and Exam Timetabling System SQL Injection Vulnerability
A critical SQL injection vulnerability (CVE-2026-14771) has been discovered in SourceCodester Class and Exam Timetabling System version 1.0, allowing remote unauthenticated attackers to manipulate the 'ID' argument in `/edit_exam1.php`, leading to arbitrary SQL command execution and potential data compromise.
A high-severity SQL injection vulnerability, identified as CVE-2026-14771, affects SourceCodester Class and Exam Timetabling System version 1.0. The flaw resides within an unknown function of the /edit_exam1.php file, specifically when processing the ID argument. This vulnerability allows a remote, unauthenticated attacker to inject malicious SQL queries by manipulating the ID parameter. The exploitation of this vulnerability can lead to unauthorized access to sensitive data, data manipulation, and potentially remote code execution on the underlying database server, severely compromising the system's confidentiality, integrity, and availability. An exploit for CVE-2026-14771 has been publicly published, significantly increasing the risk of widespread exploitation against vulnerable instances of the system. Defenders should prioritize patching and implementing robust web application security measures.
Attack Chain
- A remote, unauthenticated attacker identifies a vulnerable SourceCodester Class and Exam Timetabling System 1.0 instance, often exposed to the internet.
- The attacker crafts a malicious HTTP POST request targeting the
/edit_exam1.phpendpoint. - The request includes a specially formulated SQL injection payload within the
IDargument, designed to bypass input sanitization. - The vulnerable web application processes the unsanitized
IDargument, causing the embedded malicious SQL query to be executed by the backend database. - Depending on the payload, the attacker can achieve information disclosure (e.g., extracting user credentials, sensitive system data), data manipulation (e.g., altering schedules, grades), or potentially escalate privileges.
- In certain database configurations (e.g.,
xp_cmdshellon MSSQL orsys_execon MySQL), the attacker might achieve remote code execution on the server hosting the database. - The successful exploitation leads to compromise of application data, system control, and potential further lateral movement within the network.
Impact
Successful exploitation of CVE-2026-14771 allows attackers to gain unauthorized control over the application's backend database. This can result in significant data breaches, including exposure of student and faculty information, exam schedules, and administrative credentials. The integrity of timetables and exam records could be compromised, leading to operational disruption and reputational damage for educational institutions using the system. With a CVSS v3.1 base score of 7.3 (High), the vulnerability poses a substantial risk, especially given that a public exploit exists, increasing the likelihood of widespread, opportunistic attacks by various threat actors.
Recommendation
- Immediately apply patches or vendor-provided updates for SourceCodester Class and Exam Timetabling System 1.0 to address CVE-2026-14771.
- Deploy the provided Sigma rule to your SIEM to detect attempts at exploiting CVE-2026-14771.
- Implement or update Web Application Firewall (WAF) rules to detect and block common SQL injection patterns, especially targeting the
/edit_exam1.phpendpoint andIDparameter. - Review web server logs for suspicious HTTP requests containing SQL injection payloads, as indicated in the provided Sigma rule.
Detection coverage 1
Detects CVE-2026-14771 Exploitation — SQL Injection in SourceCodester Class and Exam Timetabling System
highDetects CVE-2026-14771 exploitation — HTTP POST requests to `/edit_exam1.php` with common SQL injection patterns in the `ID` query parameter, indicating an attempted SQL injection.
Detection queries are available on the platform. Get full rules →
Indicators of compromise
6
url
| Type | Value |
|---|---|
| url | https://github.com/orionyan520/cve_report/issues/2 |
| url | https://vuldb.com/cve/CVE-2026-14771 |
| url | https://vuldb.com/submit/849107 |
| url | https://vuldb.com/vuln/376361 |
| url | https://vuldb.com/vuln/376361/cti |
| url | https://www.sourcecodester.com/ |