A vulnerability identified as critical has been detected in SourceCodester Class and Exam Timetabling System 1.0 . Affected by this vulnerability is an unknown functionality of the file /archive1.php . Performing a manipulation of the argument sy results in sql injection. This vulnerability is known as CVE-2026-11486 . Remote exploitation of the attack is possible. Furthermore, an exploit is available.