📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
About FAQ Contact Us Terms of Service Privacy Policy 🌐 العربية
🔐

Welcome — Sign in or create an account for full access.

🔑 Sign In ✨ Register
🌐 العربية Sign In Create Account
🔧 Scheduled Maintenance — Saturday 2:00-4:00 AM AST. Some features may be temporarily unavailable.    ●   
💎
Pro Plan 50% Off Unlock all AI features, unlimited reports, and priority support. Upgrade
Search Center
ESC to close
navigate open Ctrl+K search
CISO Consulting
Global general Technology/AI Services LOW 1h Global vulnerability Information Technology CRITICAL 4h Global vulnerability Information Technology CRITICAL 5h Global vulnerability Software and Technology HIGH 5h Global vulnerability Software and Cloud Services CRITICAL 5h Global phishing Artificial Intelligence and Email Security HIGH 6h Global phishing Email and Communications CRITICAL 7h Global vulnerability Enterprise Software / E-commerce CRITICAL 7h Global supply_chain Software Development and Technology CRITICAL 7h Global vulnerability Information Technology HIGH 8h Global general Technology/AI Services LOW 1h Global vulnerability Information Technology CRITICAL 4h Global vulnerability Information Technology CRITICAL 5h Global vulnerability Software and Technology HIGH 5h Global vulnerability Software and Cloud Services CRITICAL 5h Global phishing Artificial Intelligence and Email Security HIGH 6h Global phishing Email and Communications CRITICAL 7h Global vulnerability Enterprise Software / E-commerce CRITICAL 7h Global supply_chain Software Development and Technology CRITICAL 7h Global vulnerability Information Technology HIGH 8h Global general Technology/AI Services LOW 1h Global vulnerability Information Technology CRITICAL 4h Global vulnerability Information Technology CRITICAL 5h Global vulnerability Software and Technology HIGH 5h Global vulnerability Software and Cloud Services CRITICAL 5h Global phishing Artificial Intelligence and Email Security HIGH 6h Global phishing Email and Communications CRITICAL 7h Global vulnerability Enterprise Software / E-commerce CRITICAL 7h Global supply_chain Software Development and Technology CRITICAL 7h Global vulnerability Information Technology HIGH 8h
Vulnerabilities

CVE-2026-11552

Medium
CWE-255 — Weakness Type
Published: Jun 8, 2026  ·  Modified: Jun 10, 2026  ·  Source: NVD
CVSS v3
5.3
🔗 NVD Official
📄 Description (English)

A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import_users.php. The manipulation of the argument raw_password with the input CICT_2026 leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.

🤖 AI Executive Summary

CVE-2026-11552 is a medium-severity vulnerability in SourceCodester's Online Examination & Learning Management System affecting the import_users.php file. The vulnerability allows remote attackers to exploit hard-coded password functionality through manipulation of the raw_password parameter, potentially enabling unauthorized access to educational management systems. No patch is currently available, requiring immediate compensating controls in Saudi educational institutions.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Jun 8, 2026 22:08
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi educational institutions including universities, technical colleges, and K-12 schools utilizing this LMS platform. The Ministry of Education (MOE), higher education institutions under MOHE, and private educational providers are at risk. The hard-coded password vulnerability could enable unauthorized access to student records, examination data, and administrative functions. Secondary impact includes potential compromise of educational data privacy and integrity affecting thousands of students and educators across Saudi Arabia.
🏢 Affected Saudi Sectors
Education - Higher Education Institutions Education - K-12 Schools Education - Technical and Vocational Colleges Government - Ministry of Education Government - Ministry of Higher Education Private Educational Providers
⚖️ Saudi Risk Score (AI)
6.2
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:

1. Identify all instances of SourceCodester Online Examination & Learning Management System in your organization

2. Restrict network access to import_users.php to authorized administrators only using firewall rules

3. Implement IP whitelisting for the import_users.php endpoint

4. Disable the import_users.php functionality if not actively required

5. Monitor access logs for suspicious import_users.php requests



Compensating Controls:

6. Implement Web Application Firewall (WAF) rules to block requests containing suspicious raw_password parameters

7. Enable detailed logging and alerting for all user import operations

8. Conduct immediate audit of all user accounts created via import functionality

9. Implement multi-factor authentication for administrative access

10. Consider migration to alternative LMS solutions with active security support



Detection Rules:

- Monitor POST requests to import_users.php with raw_password parameter

- Alert on failed authentication attempts following import operations

- Track unusual user account creation patterns
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:

1. تحديد جميع حالات نظام إدارة التعلم والامتحانات عبر الإنترنت من SourceCodester في مؤسستك

2. تقييد الوصول إلى import_users.php للمسؤولين المصرح لهم فقط باستخدام قواعد جدار الحماية

3. تطبيق قائمة بيضاء للعناوين IP لنقطة نهاية import_users.php

4. تعطيل وظيفة import_users.php إذا لم تكن مطلوبة بنشاط

5. مراقبة سجلات الوصول للطلبات المريبة إلى import_users.php



الضوابط التعويضية:

6. تطبيق قواعد جدار تطبيقات الويب (WAF) لحجب الطلبات التي تحتوي على معاملات raw_password مريبة

7. تفعيل التسجيل والتنبيهات التفصيلية لجميع عمليات استيراد المستخدمين

8. إجراء تدقيق فوري لجميع حسابات المستخدمين التي تم إنشاؤها عبر وظيفة الاستيراد

9. تطبيق المصادقة متعددة العوامل للوصول الإداري

10. النظر في الهجرة إلى حلول LMS بديلة مع دعم أمان نشط



قواعد الكشف:

- مراقبة طلبات POST إلى import_users.php مع معامل raw_password

- التنبيه على محاولات المصادقة الفاشلة بعد عمليات الاستيراد

- تتبع أنماط إنشاء حسابات المستخدمين غير العادية
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information security policies and procedures A.6.1.1 - Access control policy A.6.2.1 - User registration and access rights management A.8.2.1 - Classification of information A.9.2.1 - User access management A.9.4.3 - Password management
🔵 SAMA CSF
ID.AM-1 - Asset Management PR.AC-1 - Access Control Policy PR.AC-6 - Access Control - Least Privilege DE.CM-1 - Detection and Analysis RS.MI-1 - Incident Response Mitigation
🟡 ISO 27001:2022
A.5.1.1 - Policies for information security A.6.1.1 - Information security roles and responsibilities A.8.2.1 - Classification of information A.9.2.1 - User access management A.9.4.3 - Password management A.12.4.1 - Event logging
📊 CVSS Score
5.3
/ 10.0 — Medium
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack VectorN — None / Network
Attack ComplexityL — Low / Local
Privileges RequiredN — None / Network
User InteractionN — None / Network
ScopeU — Unchanged
ConfidentialityL — Low / Local
IntegrityN — None / Network
AvailabilityN — None / Network
📋 Quick Facts
Severity Medium
CVSS Score5.3
CWECWE-255
EPSS0.03%
Exploit No
Patch ✗ No
Published 2026-06-08
Source Feed nvd
🇸🇦 Saudi Risk Score
6.2
/ 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
CWE-255
⚡ Actions
🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details
Share this CVE
LinkedIn X / Twitter WhatsApp Telegram
📣 Found this valuable?
Share it with your cybersecurity network
in LinkedIn 𝕏 X / Twitter 💬 WhatsApp ✈ Telegram
🍪 Privacy Preferences
CISO Consulting — Compliant with Saudi Personal Data Protection Law (PDPL)
We use cookies and similar technologies to provide the best experience on our platform. You can choose which types you accept.
🔒
Essential Always On
Required for the website to function properly. Cannot be disabled.
📋 Sessions, CSRF tokens, authentication, language preferences
📊
Analytics
Help us understand how visitors use the site and improve performance.
📋 Page views, session duration, traffic sources, performance metrics
⚙️
Functional
Enable enhanced features like content personalization and preferences.
📋 Dark/light theme, font size, custom dashboards, saved filters
📣
Marketing
Used to deliver content and ads relevant to your interests.
📋 Campaign tracking, retargeting, social media analytics
Privacy Policy →
CISO AI Assistant
Ask anything · Documents · Support
🔐

Introduce Yourself

Enter your details to access the full assistant

Your info is private and never shared
💬
CyberAssist
Online · responds in seconds
5 / 5
🔐 Verify Your Identity

Enter your email to receive a verification code before submitting a support request.

Enter to send · / for commands 0 / 2000
CISO AI · Powered by Anthropic Claude
✦ Quick Survey Help Us Improve CISO Consulting Your feedback shapes the future of our platform — takes less than 2 minutes.
⚠ Please answer this question to continue

How would you rate your overall experience with our platform?

Rate from 1 (poor) to 5 (excellent)

🎉
Thank you!
Your response has been recorded.