CVE Catalog

CVE-2026-13488

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile — higher than 18% of all known CVEs

Summary

A SQL injection vulnerability has been discovered in SourceCodester Class and Exam Timetabling System 1.0/7.php in the file /preview7.php. Manipulation of the course_year_section argument allows remote exploitation. The exploit has been publicly released and may be used in attacks.

Risk Assessment

An attacker can remotely manipulate SQL queries, potentially leading to unauthorized database access, data leakage, or data modification.

Recommendation

Immediately update the system to the latest version or apply a security patch. Additionally, validate and sanitize all input data in the /preview7.php file.

Original NVD description (English source)

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/7.php. Affected by this vulnerability is an unknown functionality of the file /preview7.php. The manipulation of the argument course_year_section results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS