Severity by source
CVSS Vector (NVD): CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A vulnerability was found in code-projects Vehicle Management System 1.0. This impacts an unknown function of the file newdriver.php of the component New Driver Registration Form. Performing a manipulation of the argument photo results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used.
Analysis (AI)
Unrestricted file upload in code-projects Vehicle Management System 1.0 allows remote unauthenticated attackers to upload arbitrary files via the photo parameter of the New Driver Registration Form (newdriver.php), enabling remote code execution. Publicly available exploit code exists on GitHub, increasing the likelihood of opportunistic abuse against exposed instances despite no CISA KEV listing.
Attack Chain (AI-derived): hypothetical attack flow derived from CVE metadata.
Vulnerability Assessment (AI)
| Area | Assessment |
|---|---|
| Exploitation | The vulnerable code-projects Vehicle Management System 1.0 instance must be deployed with newdriver.php (the New Driver Registration Form) reachable over the network, and the upload directory must permit PHP execution by the web server, which is the default for the typical LAMP/XAMPP deployments this sample app targets. … |
| Risk Assessment | The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:N/UI:N indicates network-reachable, low-complexity, unauthenticated exploitation with no attack prerequisites and no user interaction, favorable conditions for attackers; the E:P (exploit maturity: proof of concept) component records the publicly released exploit. … |
| Exploit Scenario | An unauthenticated attacker browses to the public-facing /newdriver.php registration form and submits a crafted multipart POST request supplying a PHP webshell (e.g., shell.php) in the photo field. The server writes the file into the uploads directory; the attacker then requests the uploaded path directly, executing arbitrary commands as the web server user and pivoting to data theft or full host takeover. … |
| Remediation | No vendor-released patch identified at time of analysis. … |
Recommended Action (AI)
24 hours: Identify and inventory all Vehicle Management System 1.0 instances; restrict network access to newdriver.php via firewall rules; disable or isolate the application from internet-facing access; notify all users to cease operations. …
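Part of identifying exposed instances is checking whether the chain in the exploit scenario has already run against them. The following is an added example, not tooling from the page or the project: it walks an Apache/nginx combined-format access log and flags any request for a server-side script under the upload directory, marking it critical when the same client POSTed to newdriver.php shortly before and the script request returned 200. The five log lines are constructed; the upload path /uploads/ and the ten-minute window are assumptions (the advisory names the script but not the directory), so adjust UPLOAD_PREFIX to the real path on the instance.

```python
import re
from datetime import datetime, timedelta

# Combined log format; only the fields the detection needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Assumptions: the form lives at /newdriver.php and photos land under /uploads/.
FORM_PATH = "/newdriver.php"
UPLOAD_PREFIX = "/uploads/"
# Extensions mod_php commonly executes; the trailing group also catches
# double extensions such as shell.php.png.
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar|phps)(\.|$)", re.I)


def parse_line(line: str):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], TS_FMT)
    e["path"] = e["path"].split("?", 1)[0]   # drop ?cmd=... from the path
    e["status"] = int(e["status"])
    return e


def find_webshell_drops(lines, window=timedelta(minutes=10)):
    """Flag requests for executable files under the upload directory.

    A hit is 'chained' when the same IP POSTed to the registration form within
    `window` beforehand, which is the upload-then-execute sequence the
    exploit scenario describes.
    """
    alerts = []
    last_post = {}   # ip -> timestamp of its most recent POST to the form
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if e["method"] == "POST" and e["path"] == FORM_PATH:
            last_post[e["ip"]] = e["ts"]
            continue
        if e["path"].startswith(UPLOAD_PREFIX) and EXEC_EXT.search(e["path"]):
            prior = last_post.get(e["ip"])
            chained = prior is not None and timedelta(0) <= e["ts"] - prior <= window
            alerts.append({
                "ip": e["ip"],
                "path": e["path"],
                "status": e["status"],
                "chained": chained,
                # A 200 on a script the app never shipped, right after an
                # upload, is the compromise itself; everything else needs a look.
                "severity": "critical" if chained and e["status"] == 200 else "review",
            })
    return alerts


# Constructed sample log: one full exploit chain, one benign photo fetch, and
# one scanner probing for a shell that is not there.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/May/2026:09:14:02 +0000] "GET /newdriver.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/May/2026:09:14:09 +0000] "POST /newdriver.php HTTP/1.1" 302 0 "-" "python-requests/2.31"',
    '203.0.113.7 - - [12/May/2026:09:14:11 +0000] "GET /uploads/shell.php?cmd=id HTTP/1.1" 200 312 "-" "python-requests/2.31"',
    '198.51.100.4 - - [12/May/2026:09:20:40 +0000] "GET /uploads/driver_42.jpg HTTP/1.1" 200 84210 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/May/2026:11:02:15 +0000] "GET /uploads/c99.phtml HTTP/1.1" 404 196 "-" "curl/8.5"',
]


def run_sample():
    return find_webshell_drops(SAMPLE_LOG)


if __name__ == "__main__":
    for a in run_sample():
        print(a)
```

Against a real instance, pass the open log file directly (`find_webshell_drops(open("access.log"))`); any critical hit means the host should be treated as compromised, not merely exposed, and a filesystem listing of the upload directory for the same extensions is the matching on-host check.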
External POC / Exploit Code
EUVD-2026-34865
GHSA-wr5j-g224-7wj3