SQL Injection Vulnerability (CVE-2026-13485) Disclosed in SourceCodester Class and Exam Timetabling System

A critical SQL injection vulnerability, tracked as CVE-2026-13485, has been discovered in SourceCodester Class and Exam Timetabling System version 1.0. The flaw, found in the `/preview.php` file through manipulation of the `course_year_section` argument, allows for remote exploitation. The exploit has been made public, posing a significant risk to affected systems.