CVE-2026-11552
MEDIUMSourceCodester Onlne Examination & Learning Management System import_users.php hard-coded password
Title source: cnaDescription
A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import_users.php. The manipulation of the argument raw_password with the input CICT_2026 leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.
References (5)
Core 5
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-369162 | SourceCodester Onlne Examination & Learning Management System import_users.php hard-coded password
https://vuldb.com/vuln/369162
Signature, Permissions Required signature
permissions-required
VDB-369162 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/369162/cti
Third Party Advisory third-party-advisory
CVE-2026-11552 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-11552
Third Party Advisory third-party-advisory
Submit #836751 | SourceCodester Onlne Examination & Learning Management System using PHP and MySQL 0 Use of Hard-coded Password
https://vuldb.com/submit/836751
Product product
https://www.sourcecodester.com/
Scores
CVSS v3
5.3
EPSS
0.0029
EPSS Percentile
20.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-255
CWE-259
Status
published
Products (2)
SourceCodester/Onlne Examination & Learning Management System
1.0
SourceCodester/Syllabus-aligned Learning Management and Examination System
1.0
Published
Jun 08, 2026
Tracked Since
Jun 09, 2026