general · MITRE
SourceCodester Class and Exam Timetabling System version 1.0 contains a SQL injection vulnerability in the /preview.php file. The flaw allows remote attackers to manipulate the course_year_section parameter to inject arbitrary SQL commands. According to the NVD record, a public exploit is available, and the attack requires no authentication or user interaction.
Organizations using this timetabling system should inventory affected instances and assess their exposure to remote SQL injection attacks. For healthcare providers and SaaS teams reliant on third-party educational management software, this vulnerability poses a risk to data confidentiality, integrity, and availability—all material to HIPAA and SOC2 Type II controls around access and data protection. Defense contractors and other regulated entities storing sensitive data in such applications should prioritize remediation or isolation. An Omniware engagement can scope the risk within your infrastructure and map compensating controls to your compliance framework.
Source: NIST National Vulnerability Database - https://nvd.nist.gov/vuln/detail/CVE-2026-13485
Source: MITRE
All briefings