{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/class-and-exam-timetabling-system-1.0/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-14771"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Class and Exam Timetabling System 1.0"],"_cs_severities":["high"],"_cs_tags":["sql-injection","web-application","vulnerability","remote-code-execution","data-exfiltration"],"_cs_type":"advisory","_cs_vendors":["SourceCodester"],"content_html":"\u003cp\u003eA high-severity SQL injection vulnerability, identified as CVE-2026-14771, affects SourceCodester Class and Exam Timetabling System version 1.0. The flaw resides within an unknown function of the \u003ccode\u003e/edit_exam1.php\u003c/code\u003e file, specifically when processing the \u003ccode\u003eID\u003c/code\u003e argument. This vulnerability allows a remote, unauthenticated attacker to inject malicious SQL queries by manipulating the \u003ccode\u003eID\u003c/code\u003e parameter. The exploitation of this vulnerability can lead to unauthorized access to sensitive data, data manipulation, and potentially remote code execution on the underlying database server, severely compromising the system's confidentiality, integrity, and availability. An exploit for CVE-2026-14771 has been publicly published, significantly increasing the risk of widespread exploitation against vulnerable instances of the system. Defenders should prioritize patching and implementing robust web application security measures.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA remote, unauthenticated attacker identifies a vulnerable SourceCodester Class and Exam Timetabling System 1.0 instance, often exposed to the internet.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP POST request targeting the \u003ccode\u003e/edit_exam1.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe request includes a specially formulated SQL injection payload within the \u003ccode\u003eID\u003c/code\u003e argument, designed to bypass input sanitization.\u003c/li\u003e\n\u003cli\u003eThe vulnerable web application processes the unsanitized \u003ccode\u003eID\u003c/code\u003e argument, causing the embedded malicious SQL query to be executed by the backend database.\u003c/li\u003e\n\u003cli\u003eDepending on the payload, the attacker can achieve information disclosure (e.g., extracting user credentials, sensitive system data), data manipulation (e.g., altering schedules, grades), or potentially escalate privileges.\u003c/li\u003e\n\u003cli\u003eIn certain database configurations (e.g., \u003ccode\u003exp_cmdshell\u003c/code\u003e on MSSQL or \u003ccode\u003esys_exec\u003c/code\u003e on MySQL), the attacker might achieve remote code execution on the server hosting the database.\u003c/li\u003e\n\u003cli\u003eThe successful exploitation leads to compromise of application data, system control, and potential further lateral movement within the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-14771 allows attackers to gain unauthorized control over the application's backend database. This can result in significant data breaches, including exposure of student and faculty information, exam schedules, and administrative credentials. The integrity of timetables and exam records could be compromised, leading to operational disruption and reputational damage for educational institutions using the system. With a CVSS v3.1 base score of 7.3 (High), the vulnerability poses a substantial risk, especially given that a public exploit exists, increasing the likelihood of widespread, opportunistic attacks by various threat actors.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately apply patches or vendor-provided updates for SourceCodester Class and Exam Timetabling System 1.0 to address CVE-2026-14771.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to your SIEM to detect attempts at exploiting CVE-2026-14771.\u003c/li\u003e\n\u003cli\u003eImplement or update Web Application Firewall (WAF) rules to detect and block common SQL injection patterns, especially targeting the \u003ccode\u003e/edit_exam1.php\u003c/code\u003e endpoint and \u003ccode\u003eID\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eReview web server logs for suspicious HTTP requests containing SQL injection payloads, as indicated in the provided Sigma rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-05T22:21:20Z","date_published":"2026-07-05T22:21:20Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14771-sourcecodester-sqli/","summary":"A critical SQL injection vulnerability (CVE-2026-14771) has been discovered in SourceCodester Class and Exam Timetabling System version 1.0, allowing remote unauthenticated attackers to manipulate the 'ID' argument in `/edit_exam1.php`, leading to arbitrary SQL command execution and potential data compromise.","title":"CVE-2026-14771: SourceCodester Class and Exam Timetabling System SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14771-sourcecodester-sqli/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-14770"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Class and Exam Timetabling System 1.0"],"_cs_severities":["high"],"_cs_tags":["sql-injection","vulnerability","web-application","cve"],"_cs_type":"advisory","_cs_vendors":["SourceCodester"],"content_html":"\u003cp\u003eA critical SQL injection vulnerability, tracked as CVE-2026-14770, has been publicly disclosed and affects SourceCodester Class and Exam Timetabling System version 1.0. This flaw resides in the \u003ccode\u003e/edit_room.php\u003c/code\u003e endpoint where improper neutralization of special elements in the 'ID' argument allows for remote code execution. Attackers can manipulate this parameter to inject malicious SQL queries into the application's backend database. This vulnerability is remotely exploitable without authentication, meaning threat actors can target vulnerable instances directly over the network. Crucially, the exploit code for this vulnerability is now public, significantly increasing the risk of widespread exploitation by various threat actors. Defenders must prioritize patching or mitigating this vulnerability immediately to prevent unauthorized access to sensitive data and potential system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a vulnerable instance of SourceCodester Class and Exam Timetabling System 1.0, typically by scanning for known application signatures or default paths.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a specially designed HTTP GET request targeting the \u003ccode\u003e/edit_room.php\u003c/code\u003e endpoint on the vulnerable system.\u003c/li\u003e\n\u003cli\u003eWithin the HTTP request, the \u003ccode\u003eID\u003c/code\u003e parameter is modified to include SQL injection payloads (e.g., \u003ccode\u003eid=1 UNION SELECT USER(), DATABASE(), VERSION() --\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe vulnerable application processes the malicious \u003ccode\u003eID\u003c/code\u003e parameter, which results in the backend database executing the injected SQL query.\u003c/li\u003e\n\u003cli\u003eThe database's response, now containing the results of the attacker's query, is returned within the legitimate HTTP response, inadvertently disclosing sensitive information (e.g., database username, current database name, system version).\u003c/li\u003e\n\u003cli\u003eThe attacker parses the HTTP response to extract the sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker continues to refine payloads, potentially pivoting to other SQL injection techniques like time-based blind SQLi, out-of-band SQLi, or error-based SQLi to fully enumerate and exfiltrate database contents.\u003c/li\u003e\n\u003cli\u003eDepending on database permissions and configuration, the attacker might achieve remote code execution via database functionalities (e.g., \u003ccode\u003exp_cmdshell\u003c/code\u003e on MSSQL, \u003ccode\u003eLOAD_FILE\u003c/code\u003e/\u003ccode\u003eINTO OUTFILE\u003c/code\u003e on MySQL) to establish persistence or further compromise the underlying server.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eA successful exploitation of CVE-2026-14770 leads to significant impact on the confidentiality, integrity, and availability of data stored within the application's database. Attackers can exfiltrate sensitive information, such as user credentials, student records, timetable details, and other proprietary data. The integrity of the application's data can be compromised through unauthorized modification or deletion of records. In scenarios where the database user has elevated privileges or the database system allows for file operations or command execution, attackers could potentially escalate their access to the underlying server, leading to a complete system compromise, ransomware deployment, or further network lateral movement. Given the public availability of exploit code, a wide range of organizations using this system are at high risk of immediate targeting.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrioritize patching SourceCodester Class and Exam Timetabling System to a version that remediates CVE-2026-14770 as soon as it becomes available.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided in this brief to your SIEM/detection platform to identify and alert on attempted exploitation of CVE-2026-14770.\u003c/li\u003e\n\u003cli\u003eImplement Web Application Firewalls (WAFs) with rules specifically designed to detect and block SQL injection payloads targeting the \u003ccode\u003e/edit_room.php\u003c/code\u003e endpoint, referencing the techniques described in the attack chain.\u003c/li\u003e\n\u003cli\u003eReview webserver access logs for anomalous requests to \u003ccode\u003e/edit_room.php\u003c/code\u003e containing SQLi patterns as described in the detection rule, even if no patch is immediately available.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-05T21:25:11Z","date_published":"2026-07-05T21:25:11Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14770-sql-injection/","summary":"A high-severity SQL injection vulnerability, CVE-2026-14770, exists in SourceCodester Class and Exam Timetabling System version 1.0 within the `/edit_room.php` file, allowing remote, unauthenticated attackers to manipulate the 'ID' argument with public exploits, leading to data exposure and potential database compromise.","title":"CVE-2026-14770: SourceCodester Class and Exam Timetabling System SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14770-sql-injection/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-14734"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Class and Exam Timetabling System 1.0"],"_cs_severities":["high"],"_cs_tags":["sql-injection","web-application","cve","vulnerability","initial-access"],"_cs_type":"advisory","_cs_vendors":["SourceCodester"],"content_html":"\u003cp\u003eA high-severity SQL injection vulnerability, identified as CVE-2026-14734, has been discovered in the SourceCodester Class and Exam Timetabling System version 1.0. The flaw is located in an unspecified function within the \u003ccode\u003e/edit_product.php\u003c/code\u003e file, where improper input sanitization allows an attacker to inject malicious SQL commands by manipulating the 'ID' argument. This vulnerability enables remote exploitation, meaning attackers can leverage it without requiring prior authentication or local access to the system. The existence of a publicly disclosed exploit significantly increases the immediate risk to organizations using this software, making them prime targets for data compromise, unauthorized access, and potential system control. Defenders should prioritize patching and monitoring for exploitation attempts against this critical web application flaw.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eReconnaissance \u0026amp; Vulnerability Identification\u003c/strong\u003e: An attacker identifies an internet-facing instance of SourceCodester Class and Exam Timetabling System 1.0 and notes the presence of the \u003ccode\u003e/edit_product.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePayload Crafting\u003c/strong\u003e: The attacker crafts a specially designed HTTP GET or POST request containing SQL injection payloads, such as single quotes, comments, or boolean-based conditions, within the \u003ccode\u003eID\u003c/code\u003e parameter targeting the \u003ccode\u003e/edit_product.php\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access (Injection)\u003c/strong\u003e: The crafted HTTP request is sent to the vulnerable web application.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDatabase Interaction\u003c/strong\u003e: The application processes the unsanitized \u003ccode\u003eID\u003c/code\u003e argument, leading to the execution of the attacker's injected SQL query by the backend database.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInformation Disclosure / Privilege Escalation\u003c/strong\u003e: The attacker exploits the SQL injection to extract sensitive database content (e.g., user credentials, system configuration, academic records) or, if possible, escalate privileges within the database server.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpact (Data Exfiltration/Manipulation)\u003c/strong\u003e: The attacker exfiltrates collected data or uses the SQL injection to modify, delete, or insert data directly into the database, achieving confidentiality and integrity compromise.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOptional Persistence/RCE\u003c/strong\u003e: Depending on the underlying database and server configuration, the attacker might leverage advanced SQL injection techniques (e.g., \u003ccode\u003exp_cmdshell\u003c/code\u003e on MSSQL, \u003ccode\u003eLOAD_FILE/INTO OUTFILE\u003c/code\u003e on MySQL) to achieve remote code execution or establish persistence on the web server.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-14734 can lead to significant compromise of the SourceCodester Class and Exam Timetabling System. Attackers can gain unauthorized access to the application's database, leading to potential exfiltration of sensitive information such as student records, exam schedules, class data, and potentially user credentials. This can result in privacy breaches, academic disruption, and reputational damage for educational institutions or organizations utilizing the system. The vulnerability allows for data manipulation, which could lead to altered schedules, grades, or other critical information, causing operational chaos and distrust. With a CVSS v3.1 score of 7.3 (High) and a publicly available exploit, the risk of widespread compromise is substantial.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately apply any available patches or updates for SourceCodester Class and Exam Timetabling System 1.0 to address CVE-2026-14734.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided in this brief to your SIEM/logging solution to detect attempts to exploit CVE-2026-14734.\u003c/li\u003e\n\u003cli\u003eReview web server logs for suspicious requests to \u003ccode\u003e/edit_product.php\u003c/code\u003e containing SQL injection payloads, and consider implementing a Web Application Firewall (WAF) to filter malicious input for \u003ccode\u003e/edit_product.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eBlock network access to the domains listed in the IOC table at the perimeter firewall or proxy if not legitimately accessed.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-05T10:22:13Z","date_published":"2026-07-05T10:22:13Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14734-sql-injection/","summary":"A high-severity SQL injection vulnerability (CVE-2026-14734) exists in SourceCodester Class and Exam Timetabling System version 1.0, allowing unauthenticated remote attackers to manipulate the 'ID' argument in `/edit_product.php` to execute arbitrary SQL queries, with a publicly available exploit increasing the risk of unauthorized data access, modification, or exfiltration.","title":"CVE-2026-14734: SQL Injection in SourceCodester Class and Exam Timetabling System","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14734-sql-injection/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-14733"}],"_cs_exploited":true,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Class and Exam Timetabling System 1.0"],"_cs_severities":["high"],"_cs_tags":["sql-injection","web-application","cve"],"_cs_type":"threat","_cs_vendors":["SourceCodester"],"content_html":"\u003cp\u003eA significant SQL injection vulnerability, tracked as CVE-2026-14733, has been identified in SourceCodester Class and Exam Timetabling System version 1.0. This flaw, rated with a CVSS v3.1 base score of 7.3 (High), resides within the \u003ccode\u003e/edit_coursea.php\u003c/code\u003e component, where it improperly processes the \u003ccode\u003eID\u003c/code\u003e argument. Exploitation is trivial for an unauthenticated attacker, allowing for remote SQL command execution. The vulnerability is critical for defenders as an exploit has been publicly disclosed and is actively available, increasing the likelihood of widespread exploitation. Organizations using this specific version of the Timetabling System are at immediate risk of data breaches and system compromise if not promptly patched.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access\u003c/strong\u003e: An unauthenticated attacker sends an HTTP GET request directly to the \u003ccode\u003e/edit_coursea.php\u003c/code\u003e endpoint of the vulnerable SourceCodester Class and Exam Timetabling System 1.0 web application.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eExploitation Trigger\u003c/strong\u003e: The attacker crafts the \u003ccode\u003eID\u003c/code\u003e parameter in the HTTP GET request to include SQL injection payloads, such as \u003ccode\u003e?ID=1%20UNION%20SELECT%20...\u003c/code\u003e or \u003ccode\u003e?ID=1%27%20OR%201=1%20--%20\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDatabase Query Manipulation\u003c/strong\u003e: The web application's \u003ccode\u003e/edit_coursea.php\u003c/code\u003e script processes the unsanitized \u003ccode\u003eID\u003c/code\u003e parameter directly within a SQL query designed to retrieve course information.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSQL Execution\u003c/strong\u003e: The injected SQL payload is executed by the backend database, allowing the attacker to bypass authentication, query arbitrary tables, modify existing data, or potentially delete database entries.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInformation Disclosure/Modification\u003c/strong\u003e: Depending on the crafted payload, the attacker can exfiltrate sensitive data (e.g., user credentials, course details) from the database or alter existing records, leveraging the database's permissions.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePotential Remote Code Execution\u003c/strong\u003e: If the backend database user has elevated privileges or the specific database system (e.g., SQL Server, MySQL, PostgreSQL) supports arbitrary command execution via SQL (e.g., \u003ccode\u003exp_cmdshell\u003c/code\u003e, \u003ccode\u003eLOAD_FILE/INTO OUTFILE\u003c/code\u003e, \u003ccode\u003eCOPY TO PROGRAM\u003c/code\u003e), the attacker might achieve remote code execution on the underlying server.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpact Achieved\u003c/strong\u003e: The attacker gains unauthorized access to and control over database contents, leading to breaches of data confidentiality, integrity compromise (data alteration/deletion), and potentially full system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-14733 can lead to severe consequences for affected organizations. Attackers can gain unauthorized access to the application's entire database, potentially exfiltrating sensitive information such as student records, course schedules, faculty details, and user credentials. Data integrity can be compromised through unauthorized modification or deletion of critical academic data. In scenarios where the database user has elevated privileges or the database engine allows OS command execution via SQL injection, attackers could achieve full remote code execution on the underlying server, leading to complete system compromise and further network penetration. Given the public availability of an exploit, any organization running the vulnerable version is at high risk of active exploitation.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch or upgrade SourceCodester Class and Exam Timetabling System to a non-vulnerable version to mitigate CVE-2026-14733.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to your SIEM to detect attempted exploitation of CVE-2026-14733 via unusual HTTP GET requests to \u003ccode\u003e/edit_coursea.php\u003c/code\u003e with SQL injection payloads.\u003c/li\u003e\n\u003cli\u003eReview web server access logs for any suspicious requests targeting \u003ccode\u003e/edit_coursea.php\u003c/code\u003e with malformed \u003ccode\u003eID\u003c/code\u003e parameters prior to patching.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-05T09:19:46Z","date_published":"2026-07-05T09:19:46Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14733-sql-injection/","summary":"A high-severity SQL injection vulnerability, CVE-2026-14733, exists in SourceCodester Class and Exam Timetabling System 1.0, specifically within the '/edit_coursea.php' file, allowing unauthenticated remote attackers to manipulate the 'ID' argument and execute arbitrary SQL commands due to a publicly available exploit.","title":"CVE-2026-14733: Remote SQL Injection in SourceCodester Class and Exam Timetabling System","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14733-sql-injection/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-14732"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Class and Exam Timetabling System 1.0"],"_cs_severities":["high"],"_cs_tags":["sql-injection","web-application","cve","sourcecodester","initial-access"],"_cs_type":"advisory","_cs_vendors":["SourceCodester"],"content_html":"\u003cp\u003eA critical SQL injection vulnerability (CVE-2026-14732) has been publicly disclosed in SourceCodester Class and Exam Timetabling System version 1.0. This flaw, residing in the \u003ccode\u003e/edit_exam.php\u003c/code\u003e file, allows unauthenticated remote attackers to execute arbitrary SQL commands against the backend database by manipulating the \u003ccode\u003eID\u003c/code\u003e argument. The vulnerability was published to NVD on July 5, 2026, with a CVSS v3.1 base score of 7.3 (High). The public disclosure of exploit details means that this vulnerability can be actively leveraged by malicious actors. Organizations using this system are at immediate risk of data compromise, unauthorized access, and potential remote code execution, making prompt remediation crucial for protecting sensitive information and maintaining system integrity. This affects any instance exposed to the internet.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies an internet-facing instance of SourceCodester Class and Exam Timetabling System 1.0.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a specially formed HTTP GET or POST request targeting the \u003ccode\u003e/edit_exam.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe request includes a malicious SQL payload within the \u003ccode\u003eID\u003c/code\u003e argument (e.g., \u003ccode\u003eid=1%27+UNION+SELECT+null,user(),null--\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe vulnerable application processes this request without properly sanitizing the \u003ccode\u003eID\u003c/code\u003e input, causing the web server to execute the attacker's embedded SQL query against its backend database.\u003c/li\u003e\n\u003cli\u003eThe database responds to the malicious query, potentially revealing sensitive data such as user credentials, database schema, or other confidential information.\u003c/li\u003e\n\u003cli\u003eThe web server includes the results of the SQL query within the HTTP response, allowing the attacker to exfiltrate the compromised data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-14732 can lead to severe consequences for organizations utilizing SourceCodester Class and Exam Timetabling System 1.0. Attackers can exfiltrate sensitive student and faculty data, manipulate existing records, or gain administrative access to the application. This could result in privacy breaches, academic fraud, disruption of critical scheduling operations, and reputational damage. The public availability of exploit details increases the likelihood of widespread targeting and automated attacks against vulnerable systems, posing a significant risk to affected educational institutions or internal training departments.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-14732 on all affected SourceCodester Class and Exam Timetabling System 1.0 instances immediately.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to your SIEM to detect exploitation attempts targeting \u003ccode\u003e/edit_exam.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eReview web server access logs for \u003ccode\u003eSourceCodester Class and Exam Timetabling System 1.0\u003c/code\u003e for requests to \u003ccode\u003e/edit_exam.php\u003c/code\u003e containing suspicious \u003ccode\u003eID\u003c/code\u003e parameters indicative of SQL injection.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-05T09:18:49Z","date_published":"2026-07-05T09:18:49Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14732-sql-injection/","summary":"A critical SQL injection vulnerability (CVE-2026-14732) in SourceCodester Class and Exam Timetabling System 1.0 allows remote, unauthenticated attackers to execute arbitrary SQL commands via manipulation of the `ID` argument in `/edit_exam.php`, leading to data exfiltration and potential system compromise.","title":"CVE-2026-14732: SQL Injection in SourceCodester Class and Exam Timetabling System","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14732-sql-injection/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-14642"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Class and Exam Timetabling System 1.0"],"_cs_severities":["high"],"_cs_tags":["web-application","sql-injection","remote-code-execution","data-exfiltration","vulnerability","cve"],"_cs_type":"advisory","_cs_vendors":["SourceCodester"],"content_html":"\u003cp\u003eA significant vulnerability, tracked as CVE-2026-14642, has been discovered in SourceCodester Class and Exam Timetabling System version 1.0. This flaw specifically affects an unknown functionality within the \u003ccode\u003e/edit_class2.php\u003c/code\u003e file, where improper handling of the \u003ccode\u003eID\u003c/code\u003e argument allows for SQL injection. The vulnerability can be exploited remotely by an unauthenticated attacker, posing a substantial risk to organizations utilizing this system. The public availability of an exploit intensifies the threat, making it highly probable for malicious actors to leverage this weakness for unauthorized access to sensitive database information, data manipulation, or even further system compromise. Defenders must prioritize patching or mitigating this vulnerability immediately to prevent potential data breaches and system integrity compromises.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a SourceCodester Class and Exam Timetabling System 1.0 instance accessible over the internet.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a specially malformed HTTP GET request targeting the \u003ccode\u003e/edit_class2.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker manipulates the \u003ccode\u003eID\u003c/code\u003e argument in the URL query string by injecting SQL metacharacters and payloads (e.g., \u003ccode\u003e' OR 1=1--\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe vulnerable application processes this request without proper input validation, incorporating the malicious payload directly into a database query.\u003c/li\u003e\n\u003cli\u003eThe backend database executes the attacker-controlled SQL query, potentially disclosing sensitive data, modifying existing records, or executing arbitrary commands (if the database user has sufficient privileges).\u003c/li\u003e\n\u003cli\u003eThe application responds to the attacker with the results of the executed SQL query, allowing for data exfiltration or confirmation of successful command execution.\u003c/li\u003e\n\u003cli\u003eThe attacker extracts sensitive information from the database or uses the RCE capabilities to establish persistence or pivot further into the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-14642 can lead to severe consequences for affected organizations. Attackers can gain unauthorized access to the application's underlying database, potentially exfiltrating sensitive student or class scheduling data, modifying records, or even deleting critical information. Given the nature of SQL injection, this could result in a complete compromise of confidentiality, integrity, and availability of the application's data. As the exploit is publicly available, organizations running the affected version are at immediate risk of data breaches and operational disruption. The CVSS score of 7.3 (High) reflects the significant potential for impact.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-14642 by upgrading SourceCodester Class and Exam Timetabling System to a version where this vulnerability has been fixed, if available, or applying vendor-supplied patches immediately.\u003c/li\u003e\n\u003cli\u003eImplement a Web Application Firewall (WAF) to detect and block malicious HTTP requests targeting \u003ccode\u003e/edit_class2.php\u003c/code\u003e with SQL injection payloads, as indicated by the Sigma rule below.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule titled \u0026quot;Detect CVE-2026-14642 Exploitation — SourceCodester SQL Injection\u0026quot; to your SIEM and tune for your environment, ensuring it triggers on requests to \u003ccode\u003e/edit_class2.php\u003c/code\u003e with suspicious \u003ccode\u003eID\u003c/code\u003e parameters.\u003c/li\u003e\n\u003cli\u003eReview web server logs for \u003ccode\u003e/edit_class2.php\u003c/code\u003e access patterns, especially for \u003ccode\u003ecs-uri-query\u003c/code\u003e fields containing SQL injection artifacts, to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation for all user-supplied input, especially for the \u003ccode\u003eID\u003c/code\u003e parameter used in \u003ccode\u003e/edit_class2.php\u003c/code\u003e, to prevent SQL injection.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-04T19:24:10Z","date_published":"2026-07-04T19:24:10Z","id":"https://feed.craftedsignal.io/briefs/2026-07-sourcecodester-sqli/","summary":"A critical SQL injection vulnerability, identified as CVE-2026-14642, exists in SourceCodester Class and Exam Timetabling System version 1.0, allowing remote attackers to inject SQL commands by manipulating the 'ID' argument within the '/edit_class2.php' file, with an exploit publicly available.","title":"CVE-2026-14642: SourceCodester Class and Exam Timetabling System SQL Injection","url":"https://feed.craftedsignal.io/briefs/2026-07-sourcecodester-sqli/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-14641"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Class and Exam Timetabling System 1.0"],"_cs_severities":["high"],"_cs_tags":["sql-injection","web-application","cve","sourcecodester","php"],"_cs_type":"advisory","_cs_vendors":["SourceCodester"],"content_html":"\u003cp\u003eA high-severity SQL injection vulnerability, tracked as CVE-2026-14641, has been identified in SourceCodester Class and Exam Timetabling System version 1.0. This flaw allows unauthenticated, remote attackers to execute arbitrary SQL commands by manipulating the 'ID' argument within the \u003ccode\u003e/edit_course.php\u003c/code\u003e file. The vulnerability stems from improper neutralization of special elements in SQL commands, specifically CWE-89. The exploit has been publicly disclosed and is actively available, increasing the risk of widespread exploitation. This vulnerability enables attackers to potentially read, modify, or delete data from the backend database, compromising data confidentiality and integrity. Defenders should prioritize patching and implementing robust input validation to mitigate this threat.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker crafts a malicious HTTP GET request targeting the \u003ccode\u003e/edit_course.php\u003c/code\u003e endpoint of the vulnerable SourceCodester Class and Exam Timetabling System.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes a specially malformed \u003ccode\u003eID\u003c/code\u003e parameter in the URL query string, containing SQL injection payloads (e.g., \u003ccode\u003eID=1%27%20UNION%20SELECT%20...\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe vulnerable \u003ccode\u003e/edit_course.php\u003c/code\u003e script processes the \u003ccode\u003eID\u003c/code\u003e parameter without proper input sanitization or validation.\u003c/li\u003e\n\u003cli\u003eThe application directly embeds the malicious \u003ccode\u003eID\u003c/code\u003e parameter's value into a backend SQL query.\u003c/li\u003e\n\u003cli\u003eThe database server executes the manipulated SQL query, which may bypass intended logic and allow the attacker to retrieve sensitive information or modify data.\u003c/li\u003e\n\u003cli\u003eThe web server responds to the attacker's request, potentially disclosing sensitive database content (e.g., user credentials, system configurations, application data) within the HTTP response body.\u003c/li\u003e\n\u003cli\u003eThe attacker parses the HTTP response to extract the compromised data, achieve data exfiltration, or modify database records.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-14641 can lead to significant data breaches, where attackers can read, modify, or delete sensitive information stored in the application's database. This includes user accounts, academic records, scheduling data, and potentially administrative credentials. While specific victim counts are not available, the widespread use of SourceCodester systems in educational settings suggests that successful attacks could impact student and staff privacy, disrupt academic operations, and lead to reputational damage for affected institutions. The CVSS 3.1 score of 7.3 (High) indicates low impact on confidentiality, integrity, and availability, but SQL injection commonly leads to more severe consequences like full database compromise or even arbitrary code execution under certain configurations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrioritize patching SourceCodester Class and Exam Timetabling System to a non-vulnerable version immediately to address CVE-2026-14641.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to your SIEM solution to detect exploitation attempts against the \u003ccode\u003e/edit_course.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eEnsure webserver logging (category: \u003ccode\u003ewebserver\u003c/code\u003e) is enabled and configured to capture full HTTP request details, especially \u003ccode\u003ecs-uri-stem\u003c/code\u003e and \u003ccode\u003ecs-uri-query\u003c/code\u003e, to enable the rule.\u003c/li\u003e\n\u003cli\u003eImplement web application firewalls (WAFs) with rules designed to detect and block SQL injection payloads targeting HTTP GET parameters.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-04T19:23:20Z","date_published":"2026-07-04T19:23:20Z","id":"https://feed.craftedsignal.io/briefs/2026-07-sql-injection-sourcecodester/","summary":"A critical vulnerability, CVE-2026-14641, in SourceCodester Class and Exam Timetabling System version 1.0 allows for remote SQL injection via the 'ID' argument in the '/edit_course.php' file, enabling unauthenticated attackers to manipulate database queries with a publicly disclosed exploit.","title":"SQL Injection in SourceCodester Class and Exam Timetabling System (CVE-2026-14641)","url":"https://feed.craftedsignal.io/briefs/2026-07-sql-injection-sourcecodester/"}],"language":"en","title":"CraftedSignal Threat Feed - Class and Exam Timetabling System 1.0","version":"https://jsonfeed.org/version/1.1"}