CVE-2026-11486
HighCVSS 7.3Summary
A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Manipulating the 'sy' argument in the /archive1.php file leads to SQL injection, allowing for remote exploitation.
Risk Assessment
Remote exploitation of this vulnerability could lead to unauthorized access to the database, posing a serious threat to the integrity and confidentiality of the organization's data.
Recommendation
It is recommended to immediately update the system to the latest version and implement input data filtering to prevent SQL injection.
Original NVD description (English source)
A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /archive1.php. Performing a manipulation of the argument sy results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

