Description
A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /process_lesson.php. Such manipulation of the argument user_id leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used. The name of the affected product appears to have a typo in it.
Published: 2026-07-05
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the process_lesson.php script of the SourceCodester Online Examination & Learning Management System. An attacker can manipulate the user_id argument to upload any file without restriction, which may lead to overwriting server files or executing malicious code if the uploaded file is executed by the web server. This weakness aligns with CWE-434 (Unrestricted File Upload) and CWE-284 (Improper Access Control). The impact includes potential loss of confidentiality, integrity, or availability of the system if an attacker successfully places a malicious file in a location that can be executed.

Affected Systems

The impacted product is SourceCodester Online Examination & Learning Management System version 1.0, as identified in the affected file process_lesson.php. No other versions or variants were listed in the CNA data.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the EPSS score is not available, suggesting that published exploitation activity data is not publicly quantified. The vulnerability is not listed in CISA's KEV catalog. Attackers can exploit the flaw remotely by sending a crafted user_id value to /process_lesson.php; the public exploit is documented, so the likelihood of real‑world exploitation remains significant until a patch is applied.

Generated by OpenCVE AI on July 6, 2026 at 08:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website for an updated version of the Online Examination & Learning Management System and apply any available patch or upgrade as soon as possible.
  • Configure the web server so that the directory used for file uploads has no execution permissions, preventing uploaded files from being run as code.
  • Implement strict file type validation and MIME type checks in the upload handling code so that only allowed extensions are accepted and all other uploads are rejected.
  • Deploy a .htaccess rule or equivalent server configuration that denies execution of any files within the upload directory, adding an additional safeguard against accidental code execution.
  • Continuously monitor application and web server logs for suspicious upload activity and investigate any anomalous requests.

Generated by OpenCVE AI on July 6, 2026 at 08:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 06 Jul 2026 02:00:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester onlne Examination & Learning Management System
Vendors & Products Sourcecodester onlne Examination & Learning Management System

Sun, 05 Jul 2026 23:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /process_lesson.php. Such manipulation of the argument user_id leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used. The name of the affected product appears to have a typo in it.
Title SourceCodester Onlne Examination & Learning Management System process_lesson.php unrestricted upload
First Time appeared Sourcecodester
Sourcecodester onlne Examination Learning Management System
Weaknesses CWE-284
CWE-434
CPEs cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*
Vendors & Products Sourcecodester
Sourcecodester onlne Examination Learning Management System
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


Subscriptions

Sourcecodester Onlne Examination & Learning Management System Onlne Examination Learning Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-07-05T22:45:09.190Z

Reserved: 2026-07-05T04:08:13.179Z

Link: CVE-2026-14775

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-06T08:30:04Z

Weaknesses
  • CWE-284

    Improper Access Control

  • CWE-434

    Unrestricted Upload of File with Dangerous Type