PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-13486 SourceCodester CVE debrief

CVE-2026-13486 is a SQL injection vulnerability in the SourceCodester Class and Exam Timetabling System 1.0. The vulnerability is located in the /preview6.php file, where an attacker can manipulate the course_year_section argument to inject malicious SQL code. This can be done remotely, and the exploit has been publicly disclosed. The vulnerability has a CVSS score of 5.5 and a severity of MEDIUM. The vendor is listed as Unknown Vendor, and the product name is not specified. The CVE record was published on 2026-06-28T10:16:27.150Z.

Vendor: SourceCodester
Product: Class and Exam Timetabling System
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-28
Original CVE updated: 2026-06-28
Advisory published: 2026-06-28
Advisory updated: 2026-06-28

Who should care

Security teams and administrators responsible for the SourceCodester Class and Exam Timetabling System 1.0 should be aware of this vulnerability and take immediate action to remediate it. Developers and researchers interested in secure coding practices and vulnerability disclosure should also take note of this CVE.

Technical summary

The vulnerability is caused by missing input validation in the /preview6.php file, which allows an attacker to inject SQL code through the course_year_section argument. The attack can be launched remotely, and the exploit has been publicly disclosed. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. The weaknesses associated with this vulnerability are CWE-74 (Injection) and CWE-89 (SQL Injection).

Defensive priority

This vulnerability has a medium severity and should be prioritized for remediation. Security teams should take immediate action to apply any available patches or workarounds to prevent exploitation.

Recommended defensive actions

  • Apply patches or updates to the SourceCodester Class and Exam Timetabling System 1.0 to fix the SQL injection vulnerability.
  • Implement input validation and sanitization to prevent malicious SQL code injection.
  • Monitor the system for suspicious activity and implement logging and auditing to detect potential exploitation attempts.
  • Consider implementing a web application firewall (WAF) to detect and prevent SQL injection attacks.
  • Conduct regular security assessments and penetration testing to identify and address vulnerabilities.
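As an added illustration of the input-validation action above (example code, not the SourceCodester project's own /preview6.php), the following PHP shows the string-concatenation pattern that CWE-89 describes next to a hardened lookup of course_year_section that uses an allow-list check and a prepared statement. The table name, column names, sample rows and the expected value format in the regular expression are all assumptions constructed for this demo.

```php
<?php
// Added example, not code from the SourceCodester project. The schema, sample
// rows and the accepted format for course_year_section are assumptions.

declare(strict_types=1);

// In-memory SQLite stands in for the application's real database so the
// script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE timetable (id INTEGER PRIMARY KEY, course_year_section TEXT, subject TEXT)');
$db->exec("INSERT INTO timetable (course_year_section, subject) VALUES ('BSIT-3A', 'Networks'), ('BSIT-3B', 'Databases')");

// Injection-prone pattern (CWE-89): the request value is concatenated into the
// SQL text, so whatever the client sends becomes part of the query's structure.
function previewVulnerable(PDO $db, string $section): array
{
    $sql = "SELECT subject FROM timetable WHERE course_year_section = '" . $section . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: reject anything outside the expected shape (assumed format,
// e.g. BSIT-3A), then bind the value as data through a prepared statement so
// the database never parses it as SQL.
function previewHardened(PDO $db, string $section): array
{
    if (!preg_match('/^[A-Z0-9]{2,10}-[0-9][A-Z]$/', $section)) {
        throw new InvalidArgumentException('course_year_section has an unexpected format');
    }
    $stmt = $db->prepare('SELECT subject FROM timetable WHERE course_year_section = :section');
    $stmt->execute([':section' => $section]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// In a web context the value arrives via the query string; on the CLI the
// default lets the script run stand-alone.
$input = $_GET['course_year_section'] ?? 'BSIT-3A';
try {
    print_r(previewHardened($db, $input));
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The vulnerable function is kept only for comparison and is never called; in a real fix every query that touches request data should take the prepared-statement form.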

Evidence notes

The CVE record was published on 2026-06-28T10:16:27.150Z, and the vulnerability has been publicly disclosed. The exploit has been made publicly available, and the attack can be launched remotely. The CVSS score is 5.5, and the severity is MEDIUM. The vendor is listed as Unknown Vendor, and the product name is not specified.

Official resources

This article is AI-assisted and based on the supplied source corpus.