CVE-2026-6573
A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...
EUVD-2026-23703
A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...
CVE-2026-6573 PHPEMS Instant Exam Creation exams.master.php temppage server-side request forgery
A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...
PT-2026-33631
A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...
PHPEMS Security Vulnerability
PHPEMS is an open-source PHP online simulation exam system. Version PHPEMS 11.0 contains a security vulnerability, which stems from the operation of the uploadfile parameter in the file /app/exam/controller/exams.master.php. This operation leads to server-side request forgery, potentially allowi...
CVE-2026-36920
CVE-2026-36920 affects Sourcecodester Online Reviewer System v1.0. The Red Hat, ENISA EUVD, CIRCL, NVD, CVE lists, and Vulners enrichment all indicate a SQL Injection vulnerability in /system/system/admins/assessments/examproper/questions-view.php. Root cause details are not explicitly provided b...
CVE-2026-5106 code-projects Exam Form Submission update_fst.php cross site scripting
A flaw has been found in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/updatefst.php. Executing a manipulation of the argument sname can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...
BeeS BET e-Portal Security Vulnerability
BeeS BET e-Portal is a faculty and exam management system from BeeS India. A security vulnerability exists in BeeS BET e-Portal that stems from a SQL injection in the login function, which could lead to the execution of arbitrary SQL commands...
PT-2025-53679
Name of the Vulnerable Software and Affected Versions: Innorix WP (affected versions not specified). Description: The software contains a flaw related to unrestricted file uploads, potentially allowing an attacker to upload a web shell to a web server. This issue arises if the 'exam' directory exists...
Securing agentic AI: Your guide to the Microsoft Ignite sessions catalog
Security is a core focus at Microsoft Ignite 2025, reflected in dedicated sessions and hands-on experiences designed for security professionals and leaders. Whether you’re shaping strategy or working on the front lines, Microsoft Ignite offers direct access to the latest advancements and practica...
MAL-2025-35301 Malicious code in test-mlw2-exams-flong (npm)
The package test-mlw2-exams-flong was found to contain malicious code...
Malicious code in test-mlw2-exams-flong (npm)
The package test-mlw2-exams-flong was found to contain malicious code...
Tecnick TCExam SQL Injection Vulnerability
Tecnick TCExam is a web-based open source e-exam system from Tecnick UK. The system is mainly used for online exams and so on. A SQL injection vulnerability exists in Tecnick TCExam version 16.3.2, which stems from improper neutralization of special elements in SQL commands, and could lead to SQL...
Code-Projects Online Class and Exam Scheduling System Security Vulnerability
Code-Projects Online Class and Exam Scheduling System is an online class and exam scheduling system from Code-Projects, Inc. A security vulnerability exists in Code-Projects Online Class and Exam Scheduling System version 1.0, which stems from a parameter salut in the file /pages/teachersave.php...
Exploit for CVE-2024-37742
CVE-2024-37742: Clipboard Exploit in SEB ≤ 3.5.0 Windows Thi...
CVE-2024-32406
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function...
Tecnick TCExam Security Breach
Tecnick TCExam is a Web-based open source e-exam system from Tecnick UK. The system is mainly used for online exams, etc. A security vulnerability exists in Tecnick TCExam versions prior to 15.1.0, which stems from an insufficiently protected external authorization mechanism in the admin folder...
LinkedIn: Users can access exams in course without having to subscribe to PREMIUM
Improper access controls allowed users to access premium exams without subscribing...
CVE-2022-2379
The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc...