A vulnerability classified as critical was found in SourceCodester Class and Exam Timetabling System 1.0/5.php . Affected by this vulnerability is an unknown functionality of the file /preview5.php . Such manipulation of the argument course_year_section leads to sql injection. This vulnerability is listed as CVE-2026-13521 . The attack may be performed from remote. In addition, an exploit is available.