CVE-2026-11515 PUBLISHED

A vulnerability has been found in SourceCodester Barangay Resident Profiling and Information Management System 1.0. The impacted element is an unknown function of the file passsword_reset.php of the component Password Reset Handler. Such manipulation of the argument new_password with the input password123 leads to use of hard-coded password. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

• Kamran Saifullah (VulDB User) reporter
• VulDB Vulnerability Moderation Team coordinator

• VDB-369135 | SourceCodester Barangay Resident Profiling and Information Management System Password Reset passsword_reset.php hard-coded password
• VDB-369135 | CTI Indicators (IOB, IOC, TTP, IOA)
• CVE-2026-11515 | CVE Analysis and Report
• Submit #836238 | SourceCodester Barangay Resident Profiling and Information Management System (BRPMS) in PHP/MySQL 0 Unverified Password Change
• https://www.sourcecodester.com/

• Use of Hard-coded Password CWE
• Credentials Management CWE