SourceCodester Class and Exam Timetabling System preview7.php sql injection

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/7.php. Affected by this vulnerability is an unknown functionality of the file /preview7.php. The manipulation of the argument course_year_section results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Basic Information

ID CVE-2026-13488

Source VulDB

Published Jun 28, 2026 at 10:30

Affected Product

Vendor SourceCodester

Product Class and Exam Timetabling System

Version 1.0

Affected Versions SourceCodester Class and Exam Timetabling System 1.0
SourceCodester Class and Exam Timetabling System 7.php

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/7.php. Affected by this vulnerability is an unknown functionality of the file /preview7.php. The manipulation of the argument course_year_section results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.",
    "published": "2026-06-28T10:30:09.065Z",
    "modified": "2026-06-28T10:30:09.065Z",
    "type": "cve",
    "title": "SourceCodester Class and Exam Timetabling System preview7.php sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/374485\nhttps://vuldb.com/vuln/374485/cti\nhttps://vuldb.com/cve/CVE-2026-13488\nhttps://vuldb.com/submit/838190\nhttps://github.com/yan-124/yan/issues/4\nhttps://www.sourcecodester.com/",
    "id": "CVE-2026-13488",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "SourceCodester Class and Exam Timetabling System 1.0\nSourceCodester Class and Exam Timetabling System 7.php",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Class and Exam Timetabling System",
    "version": "1.0",
    "vendor": "SourceCodester",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

SourceCodester Class and Exam Timetabling System preview7.php sql injection_CVE-2026-13488