CVE-2026-11552 MEDIUM

CVE-2026-11552: SourceCodester Onlne Examination & Learning Management System import_users.php hard-coded password

Vendor Sourcecodester

Product Onlne Examination & Learning Management System

Weakness CWE-259

Published June 8, 2026

Last update June 8, 2026

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import_users.php. The manipulation of the argument raw_password with the input CICT_2026 leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.

Key dates

Disclosure timeline

June 8, 2026 CVE published

June 8, 2026 Record updated

Identifiers

CVE CVE-2026-11552

CWE CWE-259

CVSS 6.9 / MEDIUM

Affected versions

Vendor Sourcecodester

Product Onlne Examination & Learning Management System

Affected 1.0

Vendor Sourcecodester

Product Syllabus-aligned Learning Management and Examination System

Affected 1.0