CVE Catalog

CVE-2026-13486

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.41%

33th percentile — higher than 33% of all known CVEs

Summary

A SQL injection vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0 in the /preview6.php file. Manipulation of the course_year_section argument allows remote attack. The exploit has been publicly disclosed.

Risk Assessment

An attacker can remotely steal, modify, or delete database data, potentially compromising the confidentiality and integrity of the system data.

Recommendation

Immediately implement SQL query parameterization or use prepared statements in /preview6.php and update the system to the latest version.

Original NVD description (English source)

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/6.php. This impacts an unknown function of the file /preview6.php. Executing a manipulation of the argument course_year_section can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS