Hard-Coded Password Vulnerability in SourceCodester Online Examination System
CVE-2026-11552
6.9MEDIUM
Key Information:
- Vendor
Sourcecodester
- Status
- Vendor
- CVE Published:
- 8 June 2026
What is CVE-2026-11552?
A vulnerability exists in SourceCodester's Online Examination & Learning Management System that affects the file 'import_users.php'. This issue arises from the manipulation of the 'raw_password' argument, leading to the exposure of hard-coded passwords when inputs such as 'CICT_2026' are processed. This flaw allows an attacker to execute exploits remotely, posing significant security risks. The product is available under multiple names, emphasizing the need for immediate remediation.
Affected Version(s)
Onlne Examination & Learning Management System 1.0
Syllabus-aligned Learning Management and Examination System 1.0
References
CVSS V4
Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Kamran Saifullah (VulDB User)
VulDB Vulnerability Moderation Team
