CVE-2026-5576
SourceCodester/jkev Record Management System Add Employee save_emp.php unrestricted upload
Vexday Risk Score
33Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 5.1EPSS 0.3%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
05 Apr 2026Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affected by this issue is some unknown functionality of the file save_emp.php of the component Add Employee Page. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
public PoCs found — 1
cve_referencegithub.com/whatyourname12345/CVE/blob/main/PRMS/cve_Arbitrary%20File%20Upload%20to%20RCE.mdunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.