PatchSiren cyber security CVE debrief
CVE-2026-11472 SourceCodester CVE debrief
A SQL injection vulnerability was discovered in SourceCodester Class and Exam Timetabling System 1.0. The vulnerability affects an unknown function of the file /index1.php, specifically through manipulation of the Password argument. This vulnerability can be exploited remotely. The exploit has been publicly disclosed and may be utilized.
- Vendor: SourceCodester
- Product: Class and Exam Timetabling System
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-08
Who should care
Administrators and users of SourceCodester Class and Exam Timetabling System 1.0 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability has a CVSS score of 5.5 and a severity of MEDIUM. It is classified under CWE-74 and CWE-89. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates to fix the SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0.
- Restrict access to the /index1.php file to prevent remote exploitation.
- Use prepared statements or parameterized queries to prevent SQL injection attacks.
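The prepared-statement recommendation above, as an added example that is not SourceCodester's code and not taken from the advisory. The `users` table, its columns, the in-memory SQLite database and both function names are assumptions for illustration. It contrasts concatenating the Password value into the SQL text with a form where the password never reaches the query at all.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the application's database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Constructed sample account; the password deliberately contains a quote character.
$seed = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
$seed->execute([':u' => 'registrar', ':h' => password_hash("s3cret'pass", PASSWORD_DEFAULT)]);

// Weak pattern (hypothetical): request values become part of the SQL text,
// so any quote in the Password field changes the statement's structure.
function loginConcatenated(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT 1 FROM users WHERE username = '$user' AND password_hash = '$pass'";
    return (bool) $db->query($sql)->fetchColumn();
}

// Hardened pattern (hypothetical): the username is a bound parameter and the
// password is only compared in PHP against the stored hash.
function loginPrepared(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

$user = 'registrar';
$pass = "s3cret'pass"; // constructed input with an embedded quote

try {
    loginConcatenated($db, $user, $pass);
    echo "concatenated: query ran\n";
} catch (PDOException $e) {
    // The legitimate password alone is enough to break the statement.
    echo "concatenated: input altered the SQL (", $e->getMessage(), ")\n";
}

echo "prepared, correct password: ", var_export(loginPrepared($db, $user, $pass), true), "\n";
echo "prepared, wrong password:   ", var_export(loginPrepared($db, $user, 'wrong'), true), "\n";
```

A legitimate password that makes the concatenated query fail is a quick review signal that a login handler builds SQL from request input.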
Evidence notes
The vulnerability was reported by an unknown vendor and has a low confidence level. The evidence is based on information from VulDB.
Official resources
CVE-2026-11472 was published on 2026-06-08T01:16:22.760Z and modified on 2026-06-08T14:57:14.757Z.