general · MITRE
A SQL injection vulnerability was identified in SourceCodester's Class and Exam Timetabling System version 1.0, affecting the /preview6.php file. The vulnerability exists in the course_year_section parameter and can be exploited remotely without authentication or user interaction. The exploit has been publicly disclosed.
Organizations using open-source or third-party scheduling and administrative systems should evaluate whether similar SQL injection patterns exist in their infrastructure, particularly those handling student or employee data subject to FERPA or state privacy frameworks. SaaS platforms integrating educational management tools should confirm input validation and parameterized query use across all database interactions as part of SOC2 Type II controls. An Omniware engagement can scope code review and remediation strategy.
Source: MITRE National Vulnerability Database - https://nvd.nist.gov/vuln/detail/CVE-2026-13486
Source: MITRE
All briefings