PatchSiren cyber security CVE debrief
CVE-2026-11471 SourceCodester CVE debrief
A SQL injection vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. The vulnerability is located in an unknown function of the file /index2.php and can be exploited remotely by manipulating the Password argument. The vulnerability has a CVSS score of 5.5 and is rated as MEDIUM.
- Vendor
- SourceCodester
- Product
- Class and Exam Timetabling System
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-08
Who should care
Administrators and users of SourceCodester Class and Exam Timetabling System 1.0 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by a lack of proper input validation in the /index2.php file, allowing an attacker to inject malicious SQL code. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
MEDIUM
Recommended defensive actions
- Update to the latest version of SourceCodester Class and Exam Timetabling System
- Implement proper input validation and sanitization
- Use prepared statements to prevent SQL injection
Evidence notes
The vulnerability was reported by an unknown vendor and has been confirmed by Vuldb.
Official resources
CVE-2026-11471 was published on 2026-06-08T01:16:22.600Z and modified on 2026-06-08T14:57:14.757Z.