CVE-2026-13485 PUBLISHED

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of the argument course_year_section results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.

• llfak (VulDB User) reporter

• VDB-374482 | SourceCodester Class and Exam Timetabling System preview.php sql injection
• VDB-374482 | CTI Indicators (IOB, IOC, TTP, IOA)
• CVE-2026-13485 | CVE Analysis and Report
• Submit #838185 | sourcecodester Class and Exam Timetabling System V1.0 SQL injection
• https://github.com/lffaker/cybersec/issues/6
• https://www.sourcecodester.com/

• SQL Injection CWE
• Injection CWE