Is there a public PoC exploit available for CVE-2026-5181?

Yes, a public proof-of-concept exploit is available for CVE-2026-5181. Prioritise patching immediately. EPSS: 0.0%.

PHP CVE-2026-5181

Q: What is the CVSS score of CVE-2026-5181?

CVE-2026-5181 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-17327 LOW

Unrestricted Upload of File with Dangerous Type (CWE-434)

2026-03-31 VulDB

PHP File Upload

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:11 NVD

5.3 (MEDIUM) 2.1 (LOW)

PoC Detected

Apr 01, 2026 - 14:24 vuln.today

Public exploit code

EUVD ID Assigned

Mar 31, 2026 - 05:15 euvd

EUVD-2026-17327

Analysis Generated

Mar 31, 2026 - 05:15 vuln.today

CVE Published

Mar 31, 2026 - 04:45 nvd

MEDIUM 5.3

DescriptionNVD

A vulnerability has been found in SourceCodester Simple Doctors Appointment System up to 1.0. This issue affects some unknown processing of the file /doctors_appointment/admin/ajax.php?action=save_category. Such manipulation of the argument img leads to unrestricted upload. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

AnalysisAI

Unrestricted file upload in SourceCodester Simple Doctors Appointment System up to version 1.0 allows authenticated remote attackers to upload arbitrary files via the img parameter in /doctors_appointment/admin/ajax.php?action=save_category, potentially leading to remote code execution. The vulnerability has publicly available exploit code and carries a CVSS score of 5.3 with limited impact scope, though it requires valid login credentials to exploit.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-5181 vulnerability details – vuln.today

Back