Home

Description

A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import_users.php. The manipulation of the argument raw_password with the input CICT_2026 leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.

PUBLISHED Reserved 2026-06-08 | Published 2026-06-08 | Updated 2026-06-08 | Assigner VulDB




MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
MEDIUM: 5.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
5.0AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

Problem types

Use of Hard-coded Password

Credentials Management

Product status

1.0
affected

1.0
affected

Timeline

2026-06-08:Advisory disclosed
2026-06-08:VulDB entry created
2026-06-08:VulDB entry last update

Credits

Kamran Saifullah (VulDB User) reporter

VulDB Vulnerability Moderation Team coordinator

References

vuldb.com/vuln/369162 (VDB-369162 | SourceCodester Onlne Examination & Learning Management System import_users.php hard-coded password) vdb-entry technical-description

vuldb.com/vuln/369162/cti (VDB-369162 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/cve/CVE-2026-11552 (CVE-2026-11552 | CVE Analysis and Report) third-party-advisory

vuldb.com/submit/836751 (Submit #836751 | SourceCodester Onlne Examination & Learning Management System using PHP and MySQL 0 Use of Hard-coded Password) third-party-advisory

www.sourcecodester.com/ product

cve.org (CVE-2026-11552)

nvd.nist.gov (CVE-2026-11552)

Download JSON