CVE-2014-8997

DigitalVidhya Digi Online Examination System 2.0 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-8997. PoCs published by Halil Dalabasmaz.

AI-analyzed exploit summary This is a writeup describing an unrestricted file upload vulnerability in Digi Online Examination System v2.0. It explains how an attacker can upload a malicious PHP shell during registration via the 'Photo' section and execute it remotely.

Description

Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Halil Dalabasmaz · textwebappsphp
https://www.exploit-db.com/exploits/35223

This is a writeup describing an unrestricted file upload vulnerability in Digi Online Examination System v2.0. It explains how an attacker can upload a malicious PHP shell during registration via the 'Photo' section and execute it remotely.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Digi Online Examination System v2.0
No auth needed
Prerequisites: Access to the registration page of the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/35223
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/98662

Scores

EPSS 0.0913
EPSS Percentile 94.7%

Details

CWE
CWE-94
Status published
Products (1)
digitalvidhya/digi_online_examination_system 2.0
Published Nov 20, 2014
Tracked Since Feb 18, 2026