CVE-2026-13485 MEDIUM

CVE-2026-13485: SourceCodester Class and Exam Timetabling System preview.php sql injection

Vendor Sourcecodester

Product Class and Exam Timetabling System

Weakness CWE-89 · SQLi

Published June 28, 2026

Last update June 28, 2026

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of the argument course_year_section results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.

Key dates

Disclosure timeline

June 28, 2026 CVE published