A vulnerability marked as critical has been reported in code-projects Vehicle Management System 1.0 . This impacts an unknown function of the file newdriver.php of the component New Driver Registration Form . Performing a manipulation of the argument photo results in unrestricted upload. This vulnerability was named CVE-2026-11344 . The attack may be initiated remotely. In addition, an exploit is available.