CVE-2026-11344

HIGH

code-projects Vehicle Management System New Driver Registration Form newdriver.php unrestricted upload

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-11344. PoCs published by Xmyronn.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2026-11344, an unauthenticated remote code execution vulnerability in the Vehicle Management System In PHP V1.0. The vulnerability arises from unrestricted file upload in `newdriver.php` and `newvehicle.php`, allowing attackers to upload and execute PHP webshells without authentication.

Description

A vulnerability was found in code-projects Vehicle Management System 1.0. This impacts an unknown function of the file newdriver.php of the component New Driver Registration Form. Performing a manipulation of the argument photo results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used.

Exploits (1)

nomisec WRITEUP
by Xmyronn · poc
https://github.com/Xmyronn/CVE-2026-11344-RCE

Classification: Writeup 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Vehicle Management System In PHP V1.0
Authentication: No auth needed
Prerequisites: Network access to the target system · Ability to send HTTP requests to the vulnerable endpoints
devstral-2 · analyzed Jun 05, 2026

References (6)

Core References
VDB-368884 | code-projects Vehicle Management System New Driver Registration Form newdriver.php unrestricted upload (vdb-entry, technical-description)
https://vuldb.com/vuln/368884
VDB-368884 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
https://vuldb.com/vuln/368884/cti
CVE-2026-11344 | CVE Analysis and Report (third-party-advisory)
https://vuldb.com/cve/CVE-2026-11344
Submit #833153 | code-projects Vehicle Management System In PHP With Source Code 1.0 Incomplete Identification of Uploaded File Variables (third-party-advisory)
https://vuldb.com/submit/833153
Product: https://code-projects.org/

Scores

CVSS v3 7.3
EPSS 0.0006
EPSS Percentile 19.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE CWE-284, CWE-434
Status published
Products (1) code-projects/Vehicle Management System 1.0
Published Jun 05, 2026
Tracked Since Jun 05, 2026