CVE-2026-14776
MEDIUMSourceCodester Onlne Examination & Learning Management System Filename Extension upload_files.php pathinfo unrestricted upload
Title source: cnaDescription
A security flaw has been discovered in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this vulnerability is the function pathinfo of the file /upload_files.php of the component Filename Extension. Performing a manipulation results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The name of the affected product appears to have a typo in it.
References (6)
Core 6
Core References
Product product
https://www.sourcecodester.com/
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-376366 | SourceCodester Onlne Examination & Learning Management System Filename Extension upload_files.php pathinfo unrestricted upload
https://vuldb.com/vuln/376366
Signature, Permissions Required signature
permissions-required
VDB-376366 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/376366/cti
Third Party Advisory third-party-advisory
CVE-2026-14776 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-14776
Third Party Advisory third-party-advisory
Submit #850678 | SourceCodester Online Examination & Learning Management System 1.0 Unrestricted Upload
https://vuldb.com/submit/850678
Scores
CVSS v3
6.3
EPSS
0.0021
EPSS Percentile
11.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
CWE-434
Status
published
Products (1)
SourceCodester/Onlne Examination & Learning Management System
1.0
Published
Jul 05, 2026
Tracked Since
Jul 06, 2026