CVE-2026-11552
Deferred - Pending Action

Hard-Coded Password in Online Examination System

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: VulDB

Description

A vulnerability has been found in SourceCodester Online Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. The issue affects an unspecified function in the file import_users.php. Manipulating the argument raw_password with the input CICT_2026 leads to the use of a hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.

Meta Information

Published: 2026-06-08
Last Modified: 2026-06-08
Generated: 2026-06-29
AI Q&A: 2026-06-08
EPSS Evaluated: 2026-06-27

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
sourcecodester online_examination_and_learning_management_system 1.0
sourcecodester syllabus_aligned_learning_management_and_examination_system 1.0

Exploitability

CWE ID Description
CWE-255
CWE-259 The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

Executive Summary

This vulnerability exists in the SourceCodester Online Examination & Learning Management System and the Syllabus-aligned Learning Management and Examination System 1.0. It involves the file import_users.php, where the argument raw_password can be manipulated with the input 'CICT_2026' to cause the system to use a hard-coded password. This flaw can be exploited remotely.

Impact Analysis

The vulnerability allows an attacker to remotely exploit the system by using a hard-coded password, potentially gaining unauthorized access. This could compromise the confidentiality of user accounts or sensitive information within the affected systems.

Compliance Impact

The vulnerability involves the use of a hard-coded password in the import_users.php file, which can be exploited remotely. This weakness could potentially lead to unauthorized access to user accounts or sensitive data.

Such unauthorized access risks violating data protection requirements under regulations like GDPR and HIPAA, which mandate adequate security controls to protect personal and sensitive information.

Therefore, this vulnerability may negatively impact compliance with these standards by undermining the confidentiality of user data.
