CVE-2026-13566
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk18th percentile - higher than 18% of all known CVEs
Summary
A SQL injection vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0 in the /preview3.php file. An attacker can remotely manipulate the course_year_section argument, leading to SQL injection. The exploit is publicly available.
Risk Assessment
The risk involves remote execution of unauthorized SQL queries, potentially leading to data leakage, modification, or deletion, and possible system compromise.
Recommendation
Immediately update the system to the latest version or apply a security patch. If not possible, disable or secure access to /preview3.php and use parameterized SQL queries.
Original NVD description (English source)
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /preview3.php. The manipulation of the argument course_year_section leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

