CVE Catalog

CVE-2026-14719

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

A vulnerability was found in SourceCodester Online Examination & Learning Management System 1.0 in the register.php file. Manipulating the 'role' argument during user registration allows improper privilege management. The attack can be executed remotely and an exploit has been published.

Risk Assessment

The organization is at risk of privilege escalation, potentially allowing an attacker to gain administrative access and sensitive data.

Recommendation

Immediately update the system to the latest version or apply a patch that prevents manipulation of the 'role' argument in register.php.

Original NVD description (English source)

A flaw has been found in SourceCodester Onlne Examination & Learning Management System 1.0. The impacted element is an unknown function of the file register.php of the component Registration Endpoint. Executing a manipulation of the argument role can lead to improper privilege management. The attack can be executed remotely. The exploit has been published and may be used. The name of the affected product appears to have a typo in it.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS