CVE-2026-13488

HIGH NVD

CVSS Score 7.3

Severity HIGH

Published Jun 28, 2026

Vendor unknown

Description

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/7.php. Affected by this vulnerability is an unknown functionality of the file /preview7.php. The manipulation of the argument course_year_section results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

References

https://github.com/yan-124/yan/issues/4
https://vuldb.com/cve/CVE-2026-13488
https://vuldb.com/submit/838190
https://vuldb.com/vuln/374485
https://vuldb.com/vuln/374485/cti