CVE-2026-13485
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk33th percentile — higher than 33% of all known CVEs
Summary
A SQL injection vulnerability was discovered in SourceCodester Class and Exam Timetabling System 1.0 in the /preview.php file. An attacker can remotely manipulate the course_year_section argument, leading to SQL injection. The exploit has been made public, increasing the risk of exploitation.
Risk Assessment
The organization is at risk of unauthorized database access, leakage of sensitive data (e.g., schedules, student data), and potential data modification or deletion.
Recommendation
Immediately update the system to the latest version or apply a security patch. Additionally, implement input validation and parameterized SQL queries in the /preview.php file.
Original NVD description (English source)
A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of the argument course_year_section results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.

