Skip to main content

Syllabus Aligned Learning Management And Examination System

1 CVEs product

Monthly

CVE-2026-14698 LOW POC Monitor

Unrestricted file upload in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0 allows low-privileged remote attackers to upload arbitrary file types via the upload_files.php endpoint, with potential for remote code execution through PHP webshell deployment given the application's PHP runtime environment. The vulnerability is rooted in CWE-434 and carries a network-accessible attack vector with no special configuration required beyond a valid user account. A public proof-of-concept exploit is confirmed available on Pastebin; no CISA KEV listing has been identified at time of analysis.

PHP File Upload Syllabus Aligned Learning Management And Examination System
NVD VulDB
CVSS 4.0
2.1
EPSS
0.2%
EPSS 0% CVSS 2.1
LOW POC Monitor

Unrestricted file upload in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0 allows low-privileged remote attackers to upload arbitrary file types via the upload_files.php endpoint, with potential for remote code execution through PHP webshell deployment given the application's PHP runtime environment. The vulnerability is rooted in CWE-434 and carries a network-accessible attack vector with no special configuration required beyond a valid user account. A public proof-of-concept exploit is confirmed available on Pastebin; no CISA KEV listing has been identified at time of analysis.

PHP File Upload Syllabus Aligned Learning Management And Examination System
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy