CVE-2026-5576

MEDIUM

SourceCodester/jkev Record Management System Add Employee save_emp.php unrestricted upload

Title source: cna

Description

A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affected by this issue is some unknown functionality of the file save_emp.php of the component Add Employee Page. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.

References (4)

Core 4

Core References

Vdb Entry vdb-entry

VDB-355346 | SourceCodester/jkev Record Management System Add Employee save_emp.php unrestricted upload

https://vuldb.com/vuln/355346

Signature, Permissions Required signature permissions-required

VDB-355346 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/355346/cti

Third Party Advisory third-party-advisory

Submit #783473 | jkev Personnel Record Management System V1.0 Unrestricted Upload

https://vuldb.com/submit/783473

Exploit exploit

https://github.com/whatyourname12345/CVE/blob/main/PRMS/cve_Arbitrary%20File%20Upload%20to%20RCE.md

View Exploit ZIP pw:eip

Scores

CVSS v3 4.7

EPSS 0.0029

EPSS Percentile 20.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-284 CWE-434

Status published

Products (2)

jkev/Record Management System 1.0

SourceCodester/Record Management System 1.0

Published Apr 05, 2026

Tracked Since Apr 05, 2026