CVE Catalog

CVE-2026-13526

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

18th percentile — higher than 18% of all known CVEs

Summary

A SQL injection vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0 in the /edit_class.php file via the ID parameter. The attack can be performed remotely and the exploit has been published.

Risk Assessment

The risk includes unauthorized database access, sensitive data leakage, and potential system takeover.

Recommendation

Immediately update the system to the latest version or apply a security patch, and implement input validation and sanitization.

Original NVD description (English source)

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_class.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS