CVE-2026-13521 PUBLISHED

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0/5.php. Affected by this vulnerability is an unknown functionality of the file /preview5.php. Such manipulation of the argument course_year_section leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.

• L4ne (VulDB User) reporter

• VDB-374529 | SourceCodester Class and Exam Timetabling System preview5.php sql injection
• VDB-374529 | CTI Indicators (IOB, IOC, TTP, IOA)
• CVE-2026-13521 | CVE Analysis and Report
• Submit #839572 | sourcecodester Class and Exam Timetabling System V1.0 SQL injection
• https://github.com/xiaoxuxu233/myCVE/issues/2
• https://www.sourcecodester.com/

• SQL Injection CWE
• Injection CWE