CVE-2025-15244

A vulnerability has been found in PHPEMS up to 11.0. This impacts an unknown function of the component Purchase Request Handler. The manipulation leads to race condition. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is said to be...

CVE-2025-15244

A vulnerability has been found in PHPEMS up to 11.0. This impacts an unknown function of the component Purchase Request Handler. The manipulation leads to race condition. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is said to be...

CVE-2025-15244

CVE-2025-15244 affects PHPEMS up to version 11.x, targeting the Purchase Request Handler. The issue is a race condition that can be triggered remotely; exploitation is described as high complexity with no required user interaction. Public PoC details exist, and multiple sources (NVD, Red Hat, CVE...

CVE-2025-15242

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function of the component Coupon Handler. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as...

CVE-2025-15242 PHPEMS Coupon race condition

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function of the component Coupon Handler. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as...

CVE-2025-15242 PHPEMS Coupon race condition

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function of the component Coupon Handler. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as...

CVE-2025-15242

CVE-2025-15242 affects PHPEMS up to version 11.x, with a race-condition in the Coupon Handler component. Remote manipulation can trigger the issue; attack complexity is described as high, and exploitability is considered difficult. Several connected sources confirm a publicly available exploit an...

PHPEMS 竞争条件问题漏洞

PHPEMS is a PHP online practice exam system. A Competitive Condition Issue vulnerability exists in PHPEMS version 11.0 and earlier, which stems from a competitive condition in the component Coupon Handler that could lead to a competitive condition attack...

PT-2025-53861

Name of the Vulnerable Software and Affected Versions PHPEMS versions prior to 11.1 Description A race condition exists in the Coupon Handler component of PHPEMS. This issue can be exploited remotely, though the complexity of an attack is considered high and exploitability is difficult. The explo...

EUVD-2023-3118

Malicious code in bioql PyPI...

EUVD-2023-58706

Malicious code in bioql PyPI...

EUVD-2024-17110

Malicious code in bioql PyPI...

CVE-2024-1353

A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and m...

CVE-2023-6654

A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The...

CVE-2023-6472

A vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue affects some unknown processing of the file app\content\cls\api.cls.php of the component Content Section Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Th...

PHPEMS deserialization vulnerability (CNVD-2024-13536)

PHPEMS is a PHP online mock exam system. PHPEMS has a deserialization vulnerability, the vulnerability arises because there is a function index in app/weixin/controller/index.api.php, which can be exploited by an attacker to cause deserialization via the parameter picurl...

Exploit for Deserialization of Untrusted Data in Phpems

CVE-2023-6654 PHPEMS Cookie Deserialization Vulnerability...

CVE-2024-1353

A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and m...

CVE-2024-1353

A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and m...

Deserialization of untrusted data

A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and m...