CVE-2026-11344

code-projects Vehicle Management System New Driver Registration Form newdriver.php unrestricted upload

CVSS 6.9 MEDIUMEPSS 0.4%CWE-284 CWE-434

A vulnerability was found in code-projects Vehicle Management System 1.0. This impacts an unknown function of the file newdriver.php of the component New Driver Registration Form. Performing a manipulation of the argument photo results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected products

code-projects · Vehicle Management System

public PoCs found — 2

githubgithub.com/Xmyronn/CVE-2026-11344-RCE★ 0 cve_referencegithub.com/Xmyronn/Vehicle-Management-System-In-PHP---Unauthenticated-Remote-Code-Execution.gitunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://code-projects.org/https://github.com/Xmyronn/Vehicle-Management-System-In-PHP---Unauthenticated-Remote-Code-Execution.git https://vuldb.com/cve/CVE-2026-11344 https://vuldb.com/submit/833153 https://vuldb.com/vuln/368884 https://vuldb.com/vuln/368884/cti