CVE-2026-11552
Description
SourceCodester LMS and Syllabus-aligned LMS 1.0 are vulnerable to hard-coded password usage in import_users.php, allowing remote attackers to exploit.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SourceCodester LMS and Syllabus-aligned LMS 1.0 are vulnerable to hard-coded password usage in import_users.php, allowing remote attackers to exploit.
Vulnerability
A vulnerability exists in SourceCodester Online Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0, specifically within the import_users.php file. The manipulation of the raw_password argument with the input CICT_2026 leads to the use of a hard-coded password.
Exploitation
An attacker can initiate this attack remotely by manipulating the raw_password argument in the import_users.php script with the specific input CICT_2026. No other specific conditions or user interaction are mentioned in the available references.
Impact
The vulnerability allows for the use of a hard-coded password, which could lead to unauthorized access or compromise of user data, depending on how this password is used within the system's functionality. The exact impact is not fully detailed in the provided references.
Mitigation
No specific mitigation or patched version information is available in the provided references. The vulnerability has been publicly disclosed and may be exploitable.
AI Insight generated on Jun 8, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: 1.0
- Range: 1.0
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
5News mentions
0No linked articles in our index yet.