CVE-2026-11344

code-projects Vehicle Management System New Driver Registration Form newdriver.php unrestricted upload

CVSS 6.9 MEDIUMEPSS 0.4%CWE-284 CWE-434

Vexday Risk Score

33Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 6.9EPSS 0.4%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

19 May 2026Public PoC

05 Jun 2026Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

A vulnerability was found in code-projects Vehicle Management System 1.0. This impacts an unknown function of the file newdriver.php of the component New Driver Registration Form. Performing a manipulation of the argument photo results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected products

code-projects · Vehicle Management System

public PoCs found — 2

githubgithub.com/Xmyronn/CVE-2026-11344-RCE★ 0 cve_referencegithub.com/Xmyronn/Vehicle-Management-System-In-PHP---Unauthenticated-Remote-Code-Execution.gitunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://code-projects.org/https://github.com/Xmyronn/Vehicle-Management-System-In-PHP---Unauthenticated-Remote-Code-Execution.git https://vuldb.com/cve/CVE-2026-11344 https://vuldb.com/submit/833153 https://vuldb.com/vuln/368884 https://vuldb.com/vuln/368884/cti