CVE-2026-6573

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...

EUVD-2026-23703

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...

CVE-2026-6573

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...

CVE-2026-6573

PHPEMS 11.0 is affected via the Instant Exam Creation Handler in /app/exam/controller/exams.master.php, function temppage. Manipulating the uploadfile argument triggers a server-side request forgery (SSRF). Exploitation is publicly available and may be used remotely. No remediation details are pr...

CVE-2026-3946

A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may b...

EUVD-2026-11174

A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may b...

CVE-2026-3946

A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may b...

CVE-2026-3946 PHPEMS index.php cross site scripting

A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may b...

CVE-2026-3946

A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may b...

CVE-2026-3946

CVE-2026-3946 affects PHPEMS 11.0. The vulnerability is in an unknown function of the file /index.php?ask=app-ask, where manipulation of the askcontent argument yields cross-site scripting. This can be exploited remotely; the exploit is public. The provided data does not specify a fixed version, ...

CVE-2026-3946 PHPEMS index.php cross site scripting

A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may b...

PT-2026-24695

A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may b...

PHPEMS 代码注入漏洞

PHPEMS is an open-source PHP online simulation exam system developed by PHPEMS. Version 11.0 of PHPEMS contains a code injection vulnerability, which stems from incorrect handling of the parameter askcontent in the file /file/index.php?ask=app-ask. This vulnerability may lead to cross-site...

CVE-2025-15405

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely...

CVE-2025-15405

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely...

CVE-2025-15405

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely...

CVE-2025-15405 PHPEMS cross-site request forgery

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely...

EUVD-2026-0017

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely...

CVE-2025-15405 PHPEMS cross-site request forgery

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely...

PHPEMS 安全漏洞

PHPEMS is a PHP online practice exam system from PHPEMS open source. A security vulnerability exists in PHPEMS 11.0 and earlier versions, which stems from vulnerability to cross-site request forgery attacks...