A vulnerability labeled as critical has been found in SourceCodester Class and Exam Timetabling System 1.0/6.php . This impacts an unknown function of the file /preview6.php . Executing a manipulation of the argument course_year_section can lead to sql injection. This vulnerability is tracked as CVE-2026-13486 . The attack can be launched remotely. Moreover, an exploit is present.