Skip to main content

PHP CVE-2026-5576

| EUVD-2026-19101 LOW
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-04-05 VulDB GHSA-crcm-pxx2-c5jm
PHP File Upload
2.0
CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

6
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
5.1 (MEDIUM) 2.0 (LOW)
PoC Detected
Apr 07, 2026 - 13:20 vuln.today
Public exploit code
EUVD ID Assigned
Apr 05, 2026 - 15:30 euvd
EUVD-2026-19101
Analysis Generated
Apr 05, 2026 - 15:30 vuln.today
CVE Published
Apr 05, 2026 - 15:15 nvd
MEDIUM 5.1

DescriptionNVD

A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affected by this issue is some unknown functionality of the file save_emp.php of the component Add Employee Page. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.

AnalysisAI

Unrestricted file upload in SourceCodester/jkev Record Management System 1.0 allows authenticated remote attackers to upload arbitrary files via the save_emp.php Add Employee Page component, potentially enabling remote code execution. The vulnerability requires high-privilege authentication and has publicly available exploit code, though real-world risk remains limited by the authentication barrier and moderate CVSS score of 4.7.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-5576 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy