A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. (CVE-2026-16152)
SourceCodester Class and Exam Timetabling System 1.0 contains a SQL injection vulnerability in the /edit_rooma.php file. The vulnerability arises from manipulation of the ID argument, allowing remote attackers to inject SQL commands. Exploit code has been publicly disclosed. No patch or official fix is currently documented.
AI Analysis
Technical Summary
CVE-2026-16152 is a SQL injection vulnerability affecting an unspecified function within the /edit_rooma.php file of SourceCodester Class and Exam Timetabling System version 1.0. The vulnerability allows remote attackers to manipulate the ID parameter to execute arbitrary SQL commands. This vulnerability is classified under CWE-74 (Injection). Although exploit code is publicly available, there is no indication of known exploitation in the wild. No patch or remediation guidance is currently provided by the vendor or authoritative sources.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL commands on the backend database remotely. This may lead to unauthorized data access, data modification, or other impacts typical of SQL injection vulnerabilities. The severity is assessed as medium based on the available information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting access to the vulnerable endpoint and applying web application firewall (WAF) rules to detect and block SQL injection attempts targeting the ID parameter.
A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. (CVE-2026-16152)
Description
SourceCodester Class and Exam Timetabling System 1.0 contains a SQL injection vulnerability in the /edit_rooma.php file. The vulnerability arises from manipulation of the ID argument, allowing remote attackers to inject SQL commands. Exploit code has been publicly disclosed. No patch or official fix is currently documented.
CVSS v4.0
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-16152 is a SQL injection vulnerability affecting an unspecified function within the /edit_rooma.php file of SourceCodester Class and Exam Timetabling System version 1.0. The vulnerability allows remote attackers to manipulate the ID parameter to execute arbitrary SQL commands. This vulnerability is classified under CWE-74 (Injection). Although exploit code is publicly available, there is no indication of known exploitation in the wild. No patch or remediation guidance is currently provided by the vendor or authoritative sources.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL commands on the backend database remotely. This may lead to unauthorized data access, data modification, or other impacts typical of SQL injection vulnerabilities. The severity is assessed as medium based on the available information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting access to the vulnerable endpoint and applying web application firewall (WAF) rules to detect and block SQL injection attempts targeting the ID parameter.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-qwfp-87mc-8jvg
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-16152"]
- Ecosystems
- []
- Database Specific Severity
- MODERATE
- Cvss Version
- 4.0
Threat ID: 6a5c477d2a4a8d5989eb5f8f
Added to database: 07/19/2026, 03:41:49 UTC
Last enriched: 07/19/2026, 03:57:42 UTC
Last updated: 07/19/2026, 14:26:33 UTC
Views: 12
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.