PatchSiren

CVE-2026-13485 SourceCodester CVE debrief

CVE-2026-13485 is a SQL injection vulnerability in the Class and Exam Timetabling System 1.0. It affects an unknown function in the file /preview.php and can be exploited remotely by manipulating the course_year_section argument. It has a CVSS score of 5.5 and a severity of MEDIUM. The exploit has been made public and could be used. The vendor is listed as Unknown Vendor, and the product is Class and Exam Timetabling System 1.0.

Vendor: SourceCodester
Product: Class and Exam Timetabling System
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-28
Original CVE updated: 2026-06-28
Advisory published: 2026-06-28
Advisory updated: 2026-06-28

Who should care

Security teams and administrators responsible for Class and Exam Timetabling System 1.0 should be aware of this vulnerability and take necessary actions to mitigate it. The vulnerability can be exploited remotely, and the exploit has been made public. Therefore, it is essential to prioritize patching or applying compensating controls to prevent potential attacks.

Technical summary

The flaw is a SQL injection in the Class and Exam Timetabling System 1.0. It affects the /preview.php file and can be exploited by manipulating the course_year_section argument. It has a CVSS score of 5.5 and a severity of MEDIUM. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

Defensive priority

This vulnerability should be prioritized for patching or applying compensating controls due to its MEDIUM severity and public exploit availability. Security teams should work with vendors to ensure prompt remediation.

Recommended defensive actions

  • Patch or update Class and Exam Timetabling System 1.0 to the latest version.
  • Apply input validation and sanitization to prevent SQL injection attacks.
  • Implement web application firewalls (WAFs) to detect and block suspicious traffic.
  • Conduct regular security audits and vulnerability assessments.
  • Monitor systems for potential attacks and implement incident response plans.
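
For the WAF and monitoring items above, an added example (not code from the advisory or from the product): a Python triage script that scans web access logs for requests to /preview.php whose course_year_section value contains SQL metacharacters or keywords. It assumes the parameter arrives in the query string and that the server writes Apache/nginx combined-format logs; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Path and parameter come from the advisory; everything else is an assumption.
TARGET_PATH = "/preview.php"
TARGET_PARAM = "course_year_section"

# Combined log format: client IP ... "METHOD URI HTTP/x" STATUS ...
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Tokens that have no place in a course/year/section label.
SUSPICIOUS_RE = re.compile(
    r"""['"`;\\]|--|/\*|#|\b(?:union|select|sleep|benchmark|information_schema)\b"""
    r"""|\b(?:or|and)\b\s+\S+\s*=""", re.IGNORECASE)

def suspicious_requests(lines):
    """Return (client_ip, http_status, decoded_value) for each flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we can parse
        url = urlsplit(m["uri"])
        # endswith() also covers installs under a sub-directory.
        if not url.path.endswith(TARGET_PATH):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get(TARGET_PARAM, []):
            value = unquote_plus(raw)  # second decode pass catches double encoding
            if SUSPICIOUS_RE.search(value):
                hits.append((m["ip"], int(m["status"]), value))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Jun/2026:10:01:02 +0000] "GET /preview.php?course_year_section=BSIT+3-A HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [28/Jun/2026:10:02:10 +0000] "GET /preview.php?course_year_section=BSIT%27+OR+1%3D1-- HTTP/1.1" 200 9000 "-" "curl/8.0"',
    '203.0.113.9 - - [28/Jun/2026:10:02:15 +0000] "GET /timetable/preview.php?course_year_section=1%2527%2520UNION%2520SELECT%25201 HTTP/1.1" 500 310 "-" "curl/8.0"',
    '198.51.100.4 - - [28/Jun/2026:10:03:00 +0000] "GET /index.php?q=select+a+course HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} {TARGET_PARAM}={value!r}")
```

A parameter sent in a POST body does not appear in access logs; in that case the same check belongs in a WAF rule or in application-level request logging.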

Evidence notes

The vulnerability was found in the Class and Exam Timetabling System 1.0, and the exploit has been made public. The CVSS score is 5.5, and the severity is MEDIUM. The vulnerability affects the /preview.php file and can be exploited remotely by manipulating the course_year_section argument.

This article is AI-assisted and based on the supplied source corpus.