CVE-2026-11552: Use of Hard-coded Password in SourceCodester Onlne Examination & Learning Management System
A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import_users.php. The manipulation of the argument raw_password with the input CICT_2026 leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.
AI Analysis
Technical Summary
This vulnerability affects SourceCodester Onlne Examination & Learning Management System 1.0 and a similarly named product. The issue arises from a hard-coded password ('CICT_2026') used in the import_users.php functionality, which can be triggered remotely by manipulating the raw_password parameter. This allows an attacker to bypass authentication or gain unauthorized access. The CVSS 4.0 base score is 6.9, reflecting medium severity with network attack vector, low complexity, no privileges required, and no user interaction needed. The vulnerability is publicly known but no official fix or patch has been published.
Potential Impact
An attacker can remotely exploit this vulnerability to gain unauthorized access or perform actions as an authenticated user by leveraging the hard-coded password. This may lead to compromise of user accounts or system integrity within the affected learning management system. The lack of required privileges or user interaction increases the risk of exploitation. However, no known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting network access to the affected import_users.php functionality or implement compensating controls such as web application firewalls to detect and block attempts to exploit the hard-coded password. Monitor for updates from the vendor regarding patches or official mitigations.
CVE-2026-11552: Use of Hard-coded Password in SourceCodester Onlne Examination & Learning Management System
Description
A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import_users.php. The manipulation of the argument raw_password with the input CICT_2026 leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.
CVSS v4.0
Score 6.9medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects SourceCodester Onlne Examination & Learning Management System 1.0 and a similarly named product. The issue arises from a hard-coded password ('CICT_2026') used in the import_users.php functionality, which can be triggered remotely by manipulating the raw_password parameter. This allows an attacker to bypass authentication or gain unauthorized access. The CVSS 4.0 base score is 6.9, reflecting medium severity with network attack vector, low complexity, no privileges required, and no user interaction needed. The vulnerability is publicly known but no official fix or patch has been published.
Potential Impact
An attacker can remotely exploit this vulnerability to gain unauthorized access or perform actions as an authenticated user by leveraging the hard-coded password. This may lead to compromise of user accounts or system integrity within the affected learning management system. The lack of required privileges or user interaction increases the risk of exploitation. However, no known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting network access to the affected import_users.php functionality or implement compensating controls such as web application firewalls to detect and block attempts to exploit the hard-coded password. Monitor for updates from the vendor regarding patches or official mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-06-08T05:18:19.106Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a2703fbe29bf47b505ca064
Added to database: 6/8/2026, 6:03:39 PM
Last enriched: 6/8/2026, 6:18:55 PM
Last updated: 6/9/2026, 4:57:26 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.