PatchSiren

CVE-2026-11485 SourceCodester CVE debrief

CVE-2026-11485 is a SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0. It has a CVSS score of 5.5 and was first published on [2026-06-08](https://www.cve.org/CVERecord?id=CVE-2026-11485). It affects an unknown function of the file /archive2.php and can be exploited remotely: manipulation of the argument sy leads to SQL injection. The exploit has been disclosed publicly and may be used. For more information, see [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-11485) and [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-11485).

  • Vendor: SourceCodester
  • Product: Class and Exam Timetabling System
  • CVSS: MEDIUM 5.5
  • CISA KEV: Not listed in stored evidence
  • Original CVE published: 2026-06-08
  • Original CVE updated: 2026-06-08
  • Advisory published: 2026-06-08
  • Advisory updated: 2026-06-08

Who should care

Administrators and users of SourceCodester Class and Exam Timetabling System 1.0 should be aware of this vulnerability and take steps to mitigate it.

Technical summary

The flaw is a SQL injection in the /archive2.php file of SourceCodester Class and Exam Timetabling System 1.0. Manipulation of the argument sy leads to SQL injection. The vulnerability has a CVSS score of 5.5 and can be exploited remotely.

Defensive priority

Medium

Recommended defensive actions

  • Apply patches or updates to fix the vulnerability.
  • Use prepared statements to prevent SQL injection.
  • Limit database privileges to the minimum required.
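
The prepared-statement recommendation above, as an added example (not the application's code, which this page does not include). The archive table, its columns and its rows are constructed, sy is assumed to be compared as a string, and in-memory SQLite through PDO stands in for the real database.

```php
<?php
// Added example: table, columns and rows are constructed and are not the
// application's real schema. In-memory SQLite stands in for its database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE archive (id INTEGER PRIMARY KEY, sy TEXT, subject TEXT)");
$db->exec("INSERT INTO archive (sy, subject) VALUES
    ('2024-2025', 'Algebra'), ('2025-2026', 'Physics'), ('2025-2026', 'History')");

// Weak pattern: the request value becomes part of the SQL text, so any
// SQL syntax inside it is parsed as part of the statement.
function archive_concat(PDO $db, string $sy): array
{
    $sql = "SELECT subject FROM archive WHERE sy = '" . $sy . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the SQL text is fixed and the value is bound as data only.
function archive_prepared(PDO $db, string $sy): array
{
    $stmt = $db->prepare("SELECT subject FROM archive WHERE sy = :sy");
    $stmt->execute([':sy' => $sy]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: one ordinary value and one that contains SQL syntax.
$inputs = ['2025-2026', "x' OR '1'='1"];
foreach ($inputs as $sy) {
    printf("%-16s concat=%d rows  prepared=%d rows\n",
        $sy, count(archive_concat($db, $sy)), count(archive_prepared($db, $sy)));
}
```

With the second input, the concatenated query returns every row in the table, while the prepared statement matches nothing because the whole string is compared against the sy column as a literal.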

Evidence notes

The vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. The vulnerability affects an unknown function of the file /archive2.php and can be exploited remotely.

Official resources

CVE-2026-11485 was first published on 2026-06-08T05:16:29.517Z and last modified on 2026-06-08T14:57:14.757Z.