PatchSiren cyber security CVE debrief
CVE-2026-11552 SourceCodester CVE debrief
A vulnerability has been found in SourceCodester Online Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import_users.php. The manipulation of the argument raw_password with the input CICT_2026 leads to use of hard-coded password. The attack can be initiated remotely.
- Vendor
- SourceCodester
- Product
- Onlne Examination & Learning Management System
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-09
Who should care
Users of SourceCodester Online Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0 should apply patches or mitigations as soon as possible.
Technical summary
The vulnerability exists in the import_users.php file, where an attacker can manipulate the raw_password argument to use a hard-coded password. This can be exploited remotely.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates provided by the vendor.
- Restrict access to the import_users.php file.
- Monitor for suspicious activity on the affected system.
Evidence notes
The vulnerability has been disclosed to the public and may be used.
Official resources
CVE-2026-11552 was published on 2026-06-08T18:16:32.307Z and modified on 2026-06-09T01:32:36.950Z.