CVE-2026-14777
SourceCodester Onlne Examination & Learning Management System announcements.php unrestricted upload
Vexday Risk Score
30Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 5.3EPSS —KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
05 Jul 2026Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
A weakness has been identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /announcements.php. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The name of the affected product appears to have a typo in it.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
SourceCodester · Onlne Examination & Learning Management Systempublic PoCs found — 1
cve_referencegithub.com/nuiifornet/A033/blob/main/OE-LMS-RCE-3-announcements.mdunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.