CVE-2026-14776
A security flaw has been discovered in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this vulnerability is
CVSS
6.3
Medio
EPSS
0.2%
p12
KEV
—
Exploit Today
4
0-100
Publicado: 5 jul 2026 · Última mod.: 6 jul 2026 · CWE-284 · CWE-434
0.2%EPSS · 30 días0.2%
2026-07-062026-07-17
A security flaw has been discovered in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this vulnerability is the function pathinfo of the file /upload_files.php of the component Filename Extension. Performing a manipulation results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The name of the affected product appears to have a typo in it.
- github.comhttps://github.com/nuiifornet/A033/blob/main/OE-LMS-RCE-2-upload_files.md
- vuldb.comhttps://vuldb.com/cve/CVE-2026-14776
- vuldb.comhttps://vuldb.com/submit/850678
- vuldb.comhttps://vuldb.com/vuln/376366
- vuldb.comhttps://vuldb.com/vuln/376366/cti
- www.sourcecodester.comhttps://www.sourcecodester.com/
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-562909.8 CRÍ85.4%
KEV—76Joomlack Page Builder Improper Access Control Vulnerability10dCVE-2026-489089.8 CRÍ72.6%
KEV—72JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability10dCVE-2026-489399.8 CRÍ71.5%
KEV—71iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability7dCVE-2026-562919.8 CRÍ53.7%
KEV—66Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability7dCVE-2023-388368.8 ALT99.3%
——30File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.10dCVE-2023-464747.2 ALT97.3%
——29File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file.10d