CVE-2026-13521
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk18th percentile — higher than 18% of all known CVEs
Summary
A SQL injection vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0/5.php in the file /preview5.php. An attacker can remotely manipulate the course_year_section argument, leading to SQL injection. The exploit is publicly available.
Risk Assessment
The organization is at risk of unauthorized database access, data leakage, and potential modification or deletion of information.
Recommendation
Immediately apply a patch or update the system to a fixed version. If not possible, disable or secure the /preview5.php file and use parameterized SQL queries.
Original NVD description (English source)
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0/5.php. Affected by this vulnerability is an unknown functionality of the file /preview5.php. Such manipulation of the argument course_year_section leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.

