PatchSiren cyber security CVE debrief
CVE-2026-11483 SourceCodester CVE debrief
A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /archive4.php. The manipulation of the argument sy results in SQL injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
- Vendor
- SourceCodester
- Product
- Class and Exam Timetabling System
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-08
Who should care
Users of SourceCodester Class and Exam Timetabling System 1.0
Technical summary
The vulnerability is caused by a SQL injection issue in the /archive4.php file of SourceCodester Class and Exam Timetabling System 1.0. The attack can be launched remotely.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates to fix the SQL injection vulnerability
- Use prepared statements to prevent SQL injection attacks
- Limit database privileges to the minimum required for the application
Evidence notes
The vulnerability has been publicly disclosed and an exploit has been released.
Official resources
CVE-2026-11483 was published on 2026-06-08T05:16:29.010Z and modified on 2026-06-08T14:57:14.757Z.