Description
A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /process_lesson.php. Such manipulation of the argument user_id leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used. The name of the affected product appears to have a typo in it.
Problem types
Product status
Timeline
| 2026-07-05: | Advisory disclosed |
| 2026-07-05: | VulDB entry created |
| 2026-07-05: | VulDB entry last update |
Credits
Fklov (VulDB User)
References
vuldb.com/vuln/376365 (VDB-376365 | SourceCodester Onlne Examination & Learning Management System process_lesson.php unrestricted upload)
vuldb.com/vuln/376365/cti (VDB-376365 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/cve/CVE-2026-14775 (CVE-2026-14775 | CVE Analysis and Report)
vuldb.com/submit/850677 (Submit #850677 | SourceCodester Online Examination & Learning Management System 1.0 Unrestricted Upload)
github.com/.../A033/blob/main/OE-LMS-RCE-1-process_lesson.md
www.sourcecodester.com/