CVE-2026-14775
Received Received - Intake

Online Exam System Unrestricted File Upload

Vulnerability report for CVE-2026-14775, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-05

Last updated on: 2026-07-05

Assigner: VulDB

Description

A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /process_lesson.php. Such manipulation of the argument user_id leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used. The name of the affected product appears to have a typo in it.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-05
Last Modified
2026-07-05
Generated
2026-07-06
AI Q&A
2026-07-06
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
sourcecodester online_examination_and_learning_management_system 1.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the SourceCodester Online Examination & Learning Management System 1.0, specifically in an unknown function within the file /process_lesson.php. It involves manipulation of the user_id argument, which leads to an unrestricted upload vulnerability. This means an attacker can remotely exploit this flaw to upload files without proper restrictions.

Impact Analysis

The vulnerability allows an attacker to remotely upload files without restriction. This could lead to unauthorized files being placed on the system, potentially enabling further attacks such as code execution, data compromise, or disruption of service.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-14775. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart