A vulnerability categorized as critical has been discovered in SourceCodester Class and Exam Timetabling System 1.0 . Affected is an unknown function of the file /archive2.php . Such manipulation of the argument sy leads to sql injection. This vulnerability is traded as CVE-2026-11485 . The attack may be launched remotely. Furthermore, there is an exploit available.