CVE-2026-11486

SourceCodester Class and Exam Timetabling System archive1.php sql injection

CVSS 6.9 MEDIUMEPSS 0.3%CWE-74 CWE-89

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /archive1.php. Performing a manipulation of the argument sy results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected products

SourceCodester · Class and Exam Timetabling System

public PoCs found — 1

cve_referencegithub.com/ssaaaa1234/cve/issues/1unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/ssaaaa1234/cve/issues/1 https://vuldb.com/cve/CVE-2026-11486 https://vuldb.com/submit/834111 https://vuldb.com/vuln/369106 https://vuldb.com/vuln/369106/cti https://www.sourcecodester.com/