PatchSiren cyber security CVE debrief
CVE-2026-11486 SourceCodester CVE debrief
A SQL injection vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. The vulnerability affects an unknown functionality of the file /archive1.php and can be exploited remotely. The exploit is publicly available.
- Vendor
- SourceCodester
- Product
- Class and Exam Timetabling System
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-08
Who should care
Administrators and users of SourceCodester Class and Exam Timetabling System 1.0 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by a lack of proper input validation in the /archive1.php file, allowing an attacker to inject malicious SQL code through the 'sy' argument.
Defensive priority
MEDIUM
Recommended defensive actions
- Update to the latest version of SourceCodester Class and Exam Timetabling System, if available.
- Implement input validation and sanitization for user input in the /archive1.php file.
- Use prepared statements with parameterized queries to prevent SQL injection attacks.
Evidence notes
The vulnerability was reported by an unknown vendor and has a low confidence level.
Official resources
CVE-2026-11486 was published on 2026-06-08T05:16:29.680Z and modified on 2026-06-08T14:57:14.757Z.