CVE Catalog

CVE-2026-14698

MediumCVSS 6.3
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

A security flaw has been discovered in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0. An unknown function in upload_files.php allows unrestricted file upload, which can be exploited remotely. The exploit has been publicly released and may be used for attacks.

Risk Assessment

The risk involves an attacker being able to remotely upload a malicious file (e.g., a PHP script), potentially leading to server compromise, data theft, or further propagation of the attack within the organization's network.

Recommendation

Immediately update the system to the latest version or apply a security patch from the vendor. Until then, disable or secure the upload_files.php file and implement file type validation and size restrictions.

Original NVD description (English source)

A security flaw has been discovered in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0. Impacted is an unknown function of the file upload_files.php. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS