CVE Catalog

CVE-2026-13487

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile — higher than 18% of all known CVEs

Summary

A SQL injection vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0 in the /archive.php file via the sy argument. The attack can be performed remotely and the exploit is publicly available.

Risk Assessment

The risk includes unauthorized database access, sensitive data leakage, and potential modification of system data.

Recommendation

Immediately update the system to the latest version or apply a security patch to prevent SQL injection, e.g., by input validation and using parameterized queries.

Original NVD description (English source)

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive.php. The manipulation of the argument sy leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS