CVE Catalog

CVE-2026-11552

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Summary

A vulnerability has been found in SourceCodester Online Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0, specifically in the file import_users.php. Manipulating the argument raw_password with the input CICT_2026 leads to the use of a hard-coded password.

Risk Assessment

An attacker can remotely exploit this vulnerability, posing a serious threat to the security of the system and user data.

Recommendation

It is recommended to update the system to the latest version and secure the import_users.php file against unauthorized access.

Original NVD description (English source)

A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import_users.php. The manipulation of the argument raw_password with the input CICT_2026 leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS