A vulnerability identified as critical has been detected in SourceCodester Class and Exam Timetabling System 1.0 . This affects an unknown function of the file /preview.php . Performing a manipulation of the argument course_year_section results in sql injection. This vulnerability is identified as CVE-2026-13485 . The attack can be initiated remotely. Additionally, an exploit exists.