CVE-2026-15597

medium

Description

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/2.php. This affects an unknown function of the file /edit_exam2.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

References

https://www.sourcecodester.com/

https://vuldb.com/vuln/378112/cti

https://vuldb.com/vuln/378112

https://vuldb.com/submit/855298

https://vuldb.com/cve/CVE-2026-15597

https://github.com/asdasddqwdq29-a11y/new-cve/issues/1

Details

Source: Mitre, NVD

Published: 2026-07-13

Updated: 2026-07-13

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: High

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium