CVE-2026-13487

Description

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive.php. The manipulation of the argument sy leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

References

• https://github.com/lffaker/cybersec/issues/4
• https://vuldb.com/cve/CVE-2026-13487
• https://vuldb.com/submit/838189
• https://vuldb.com/vuln/374484
• https://vuldb.com/vuln/374484/cti