CVE Catalog

CVE-2026-13527

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

18th percentile — higher than 18% of all known CVEs

Summary

A SQL injection vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0 in the file /preview4.php. An unknown function improperly handles the course_year_section argument, allowing an attacker to inject SQL code. The attack can be launched remotely and exploit details have been publicly disclosed.

Risk Assessment

The risk involves the possibility of remote execution of unauthorized SQL queries, potentially leading to data leakage, modification, or deletion. The organization faces a threat to data confidentiality and integrity.

Recommendation

Immediately update the system to the latest version or apply a security patch. As a temporary measure, disable access to /preview4.php or implement input filtering until the fix is deployed.

Original NVD description (English source)

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0. The affected element is an unknown function of the file /preview4.php. Such manipulation of the argument course_year_section leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS