Description
A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. Manipulation of the argument sy causes SQL injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Published: 2026-06-08
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw exists in SourceCodester Class and Exam Timetabling System 1.0 that allows an attacker to inject arbitrary SQL commands through the `sy` argument in the file /archive3.php. The injection can be performed remotely and an exploit has been publicly released, meaning the vulnerability can be leveraged without local access or user interaction. Once the injected SQL is executed, the attacker can read, modify or delete data stored in the database, compromising the confidentiality, integrity, and availability of the system.

Affected Systems

SourceCodester's Class and Exam Timetabling System, version 1.0, is affected. No other vendors or products have been reported to be impacted by this vulnerability.

Risk and Exploitability

The vulnerability has a CVSS score of 6.9, which is rated Medium. No EPSS score is available, and the issue is not listed in the CISA KEV catalog. The attack vector is remote, as the description states the attack may be initiated remotely, and the presence of a public exploit increases the likelihood of exploitation. The CWE identifiers CWE-74 (Injection) and CWE-89 (SQL Injection) describe the nature of the weakness. Given these factors, administrators should regard the vulnerability as significant and consider it an actionable threat.

Generated by OpenCVE AI on June 8, 2026 at 06:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Search for and install a vendor-provided update for Class and Exam Timetabling System 1.0 that fixes the SQL injection in /archive3.php.
  • Deploy a web application firewall rule that detects and blocks input patterns indicative of SQL injection on the /archive3.php endpoint.
  • Limit the database user privileges used by the application to the minimum required, ensuring that it cannot read or modify sensitive tables that are not part of the normal operational functions.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 05:00:00 +0000

Type: Values Added (the Values Removed column is empty)
Description: A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Title: SourceCodester Class and Exam Timetabling System archive3.php sql injection
First Time appeared: Sourcecodester; Sourcecodester class And Exam Timetabling System
Weaknesses: CWE-74, CWE-89
CPEs: cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*
Vendors & Products: Sourcecodester; Sourcecodester class And Exam Timetabling System
References:
Metrics:
cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T03:30:08.581Z

Reserved: 2026-06-07T10:02:56.695Z

Link: CVE-2026-11484

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-08T05:16:29.350

Modified: 2026-06-08T05:16:29.350

Link: CVE-2026-11484

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T06:30:17Z

Weaknesses