A vulnerability described as critical has been identified in SourceCodester Class and Exam Timetabling System 1.0/7.php . Affected by this vulnerability is an unknown functionality of the file /preview7.php . The manipulation of the argument course_year_section results in sql injection. This vulnerability is cataloged as CVE-2026-13488 . The attack may be launched remotely. Furthermore, there is an exploit available.