This vulnerability affects SourceCodester Class and Exam Timetabling System 1.0 and involves SQL injection via the 'sy' parameter in the /archive3.php file. An attacker can remotely manipulate this parameter to inject SQL code, potentially compromising the database. The CVSS 4.0 base score is 6.9, indicating a medium severity level with network attack vector, low complexity, and no privileges or user interaction required. The vulnerability has been publicly disclosed but lacks an official fix or patch at this time.

Successful exploitation could allow an attacker to execute arbitrary SQL commands on the backend database, potentially leading to unauthorized data access or modification. The medium severity score reflects the potential for data compromise but also indicates some limitations in impact or exploitability. No confirmed exploitation in the wild has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider implementing web application firewalls or input validation controls to mitigate SQL injection risks. Monitor for vendor updates regarding patches or official mitigations.