Skip to content
Threat Feed
high advisory

CVE-2026-14771: SourceCodester Class and Exam Timetabling System SQL Injection Vulnerability

A critical SQL injection vulnerability (CVE-2026-14771) has been discovered in SourceCodester Class and Exam Timetabling System version 1.0, allowing remote unauthenticated attackers to manipulate the 'ID' argument in `/edit_exam1.php`, leading to arbitrary SQL command execution and potential data compromise.

A high-severity SQL injection vulnerability, identified as CVE-2026-14771, affects SourceCodester Class and Exam Timetabling System version 1.0. The flaw resides within an unknown function of the /edit_exam1.php file, specifically when processing the ID argument. This vulnerability allows a remote, unauthenticated attacker to inject malicious SQL queries by manipulating the ID parameter. The exploitation of this vulnerability can lead to unauthorized access to sensitive data, data manipulation, and potentially remote code execution on the underlying database server, severely compromising the system's confidentiality, integrity, and availability. An exploit for CVE-2026-14771 has been publicly published, significantly increasing the risk of widespread exploitation against vulnerable instances of the system. Defenders should prioritize patching and implementing robust web application security measures.

Attack Chain

  1. A remote, unauthenticated attacker identifies a vulnerable SourceCodester Class and Exam Timetabling System 1.0 instance, often exposed to the internet.
  2. The attacker crafts a malicious HTTP POST request targeting the /edit_exam1.php endpoint.
  3. The request includes a specially formulated SQL injection payload within the ID argument, designed to bypass input sanitization.
  4. The vulnerable web application processes the unsanitized ID argument, causing the embedded malicious SQL query to be executed by the backend database.
  5. Depending on the payload, the attacker can achieve information disclosure (e.g., extracting user credentials, sensitive system data), data manipulation (e.g., altering schedules, grades), or potentially escalate privileges.
  6. In certain database configurations (e.g., xp_cmdshell on MSSQL or sys_exec on MySQL), the attacker might achieve remote code execution on the server hosting the database.
  7. The successful exploitation leads to compromise of application data, system control, and potential further lateral movement within the network.

Impact

Successful exploitation of CVE-2026-14771 allows attackers to gain unauthorized control over the application's backend database. This can result in significant data breaches, including exposure of student and faculty information, exam schedules, and administrative credentials. The integrity of timetables and exam records could be compromised, leading to operational disruption and reputational damage for educational institutions using the system. With a CVSS v3.1 base score of 7.3 (High), the vulnerability poses a substantial risk, especially given that a public exploit exists, increasing the likelihood of widespread, opportunistic attacks by various threat actors.

Recommendation

  • Immediately apply patches or vendor-provided updates for SourceCodester Class and Exam Timetabling System 1.0 to address CVE-2026-14771.
  • Deploy the provided Sigma rule to your SIEM to detect attempts at exploiting CVE-2026-14771.
  • Implement or update Web Application Firewall (WAF) rules to detect and block common SQL injection patterns, especially targeting the /edit_exam1.php endpoint and ID parameter.
  • Review web server logs for suspicious HTTP requests containing SQL injection payloads, as indicated in the provided Sigma rule.

Detection coverage 1

Detects CVE-2026-14771 Exploitation — SQL Injection in SourceCodester Class and Exam Timetabling System

high

Detects CVE-2026-14771 exploitation — HTTP POST requests to `/edit_exam1.php` with common SQL injection patterns in the `ID` query parameter, indicating an attempted SQL injection.

sigma tactics: impact, initial_access techniques: T1190 sources: webserver

Detection queries are available on the platform. Get full rules →

Indicators of compromise

6

url

TypeValue
urlhttps://github.com/orionyan520/cve_report/issues/2
urlhttps://vuldb.com/cve/CVE-2026-14771
urlhttps://vuldb.com/submit/849107
urlhttps://vuldb.com/vuln/376361
urlhttps://vuldb.com/vuln/376361/cti
urlhttps://www.sourcecodester.com/