CVE-2026-14777
MEDIUM Exploitation: PoC
6.3
CVSS 3.1
Description
A weakness has been identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /announcements.php. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The name of the affected product appears to have a typo in it.
Metadata
Severity & Metrics
6.3
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| SourceCodester | Onlne Examination & Learning Management System | — | 1.0 |
Weakness (CWE)
CVSS scores (4)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.5 | N/D | 2.0 | cna | AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR |
| 6.3 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 6.3 | MEDIUM | 3.0 | cna | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 5.3 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
References (6)
- VDB-376367 | SourceCodester Onlne Examination & Learning Management System announcements.php unrestricted upload https://vuldb.com/vuln/376367
- VDB-376367 | CTI Indicators (IOB, IOC, TTP, IOA) https://vuldb.com/vuln/376367/cti
- CVE-2026-14777 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-14777
- Submit #850679 | SourceCodester Online Examination & Learning Management System 1.0 Unrestricted Upload https://vuldb.com/submit/850679
- https://github.com/nuiifornet/A033/blob/main/OE-LMS-RCE-3-announcements.md
- https://www.sourcecodester.com/