Unrestricted Upload Vulnerability in SourceCodester Online Examination & Learning Management System
CVE-2026-14777
Key Information:
- Vendor
Sourcecodester
- Vendor
- CVE Published:
- 5 July 2026
Badges
What is CVE-2026-14777?
A vulnerability exists in the announcements.php file of the SourceCodester Online Examination & Learning Management System, where improper validation allows for unrestricted file uploads. This flaw can be exploited remotely, enabling attackers to upload malicious files, potentially leading to further exploitation of the affected system. The vulnerability poses serious security risks, and there are public exploit methods available, highlighting the urgency to secure the affected systems.
Affected Version(s)
Onlne Examination & Learning Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
