Product
CVE-2026-14778: Improper Authorization in SourceCodester Onlne Examination & Learning Management System
1 CVEA high-severity improper authorization vulnerability (CVE-2026-14778) exists in SourceCodester Onlne Examination & Learning Management System version 1.0, allowing remote attackers to bypass authorization checks by manipulating the `student_id`, `schedule_id`, or `action` arguments in `/ajax_enroll.php`, potentially leading to unauthorized access or actions.
CVE-2026-14719: SourceCodester Onlne Examination & Learning Management System Privilege Escalation
1 rule 2 TTPs 1 CVE 1 IOCA critical remote vulnerability (CVE-2026-14719) has been identified in SourceCodester Onlne Examination & Learning Management System version 1.0. The flaw resides in the Registration Endpoint, specifically within the 'register.php' file, where improper privilege management allows for manipulation of the 'role' argument, leading to unauthorized privilege escalation. A public exploit for this vulnerability has been published, increasing the immediate risk of exploitation.