CVE-2026-13526
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk18th percentile — higher than 18% of all known CVEs
Summary
A SQL injection vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0 in the /edit_class.php file via the ID parameter. The attack can be performed remotely and the exploit has been published.
Risk Assessment
The risk includes unauthorized database access, sensitive data leakage, and potential system takeover.
Recommendation
Immediately update the system to the latest version or apply a security patch, and implement input validation and sanitization.
Original NVD description (English source)
A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_class.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.

