PatchSiren cyber security CVE debrief
CVE-2026-11484 SourceCodester CVE debrief
A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
- Vendor
- SourceCodester
- Product
- Class and Exam Timetabling System 1.0
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-08
Who should care
Users of SourceCodester Class and Exam Timetabling System 1.0
Technical summary
The vulnerability is caused by a SQL injection weakness in the /archive3.php file of SourceCodester Class and Exam Timetabling System 1.0. The manipulation of the argument sy leads to SQL injection, which can be exploited remotely.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates to fix the SQL injection vulnerability in /archive3.php
- Implement input validation and sanitization for user input
- Use prepared statements to prevent SQL injection
Evidence notes
The CVE record and NVD detail provide information on the vulnerability, including its CVSS score and weaknesses.
Official resources
CVE-2026-11484 was published on 2026-06-08T05:16:29.350Z and modified on 2026-06-08T14:57:14.757Z.