A vulnerability marked as critical has been reported in SourceCodester Class and Exam Timetabling System 1.0 . Affected is an unknown function of the file /archive.php . The manipulation of the argument sy leads to sql injection. This vulnerability is listed as CVE-2026-13487 . The attack may be initiated remotely. In addition, an exploit is available.