
80 matches found

Vulnrichment
added 2024/02/09 12:31 a.m. · 6 views

CVE-2024-1353 PHPEMS index.api.php index deserialization

A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and m...

CVSS 6.3 · AI score 9.5 · EPSS 0.00073
Exploits 0 · References 3

CVE
added 2024/02/09 12:31 a.m. · 64 views

CVE-2024-1353

PHPEMS up to version 1.0 is affected by CVE-2024-1353. The vulnerability resides in the index function of app/weixin/controller/index.api.php, where manipulating the picurl argument leads to deserialization. The issue is publicly disclosed and exploitable per the sources in the connected document...

CVSS 9.8 · AI score 9.4 · EPSS 0.00073
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2024/02/09 12:31 a.m. · 14 views

CVE-2024-1353 PHPEMS index.api.php index deserialization

A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and m...

CVSS 6.3 · AI score 9.7 · EPSS 0.00073
Exploits 0 · References 3

Positive Technologies
added 2024/02/08 12:0 a.m. · 2 views

PT-2024-17966 · Phpems · Phpems

Name of the Vulnerable Software and Affected Versions: PHPEMS versions up to 1.0
Description: A critical issue has been found in the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The issue has been disclosed to th...

CVSS 9.8 · AI score 6.7 · EPSS 0.00073
Exploits 0 · References 6

CNVD
added 2023/12/13 12:0 a.m. · 26 views

PHPEMS Deserialization Vulnerability

PHPEMS is a PHP online mock exam system. PHPEMS suffers from a deserialization vulnerability that stems from unsafe deserialization processing of lib/session.cls.php when receiving serialized data submitted by a user, which can be exploited by an attacker to cause code execution...

CVSS 8.8 · AI score 7.3 · EPSS 0.02358
Exploits 1 · References 1

Github Security Blog
added 2023/12/10 3:30 p.m. · 31 views

PHPEMS Deserialization of Untrusted Data vulnerability

A vulnerability classified as critical was found in PHPEMS 6.x/7.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has...

CVSS 8.8 · AI score 7.2 · EPSS 0.02358
Exploits 1 · References 6 · Affected Software 1

OSV
added 2023/12/10 3:30 p.m. · 19 views

GHSA-5RV2-VVMF-F7W8 PHPEMS Deserialization of Untrusted Data vulnerability

A vulnerability classified as critical was found in PHPEMS 6.x/7.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has...

CVSS 6.3 · AI score 7.4 · EPSS 0.02358
Exploits 1 · References 6

OSV
added 2023/12/10 3:15 p.m. · 0 views

CVE-2023-6654

A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The...

CVSS 8.8 · AI score 5.3
Exploits 0 · References 3

NVD
added 2023/12/10 3:15 p.m. · 14 views

CVE-2023-6654

A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The...

CVSS 8.8 · EPSS 0.02358
Exploits 1 · References 3

Prion
added 2023/12/10 3:15 p.m. · 11 views

Deserialization of untrusted data

A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The...

CVSS 6.5 · AI score 7.2 · EPSS 0.02358
Exploits 1 · References 3 · Affected Software 1

CVE
added 2023/12/10 3:0 p.m. · 62 views

CVE-2023-6654

PHPEMS vulnerable in Library: deserialization flaw in lib/session.cls.php of Session Data Handler across PHPEMS 6.x–9.0. Deserialization manipulation allows remote abuse; exploit disclosed publicly (VDB-247357). Several sources corroborate: CVE-2023-6654 entry notes remote attack and public explo...

CVSS 8.8 · AI score 7.5 · EPSS 0.02358
Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2023/12/10 3:0 p.m. · 15 views

CVE-2023-6654 PHPEMS Session Data session.cls.php deserialization

A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The...

CVSS 6.5 · AI score 7.2 · EPSS 0.02358
Exploits 1 · References 3

Cvelist
added 2023/12/10 3:0 p.m. · 11 views

CVE-2023-6654 PHPEMS Session Data session.cls.php deserialization

A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The...

CVSS 6.5 · AI score 9.1 · EPSS 0.02358
Exploits 1 · References 3

NVD
added 2023/12/02 7:15 p.m. · 7 views

CVE-2023-6472

A vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue affects some unknown processing of the file app\content\cls\api.cls.php of the component Content Section Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Th...

CVSS 4.8 · EPSS 0.00064
Exploits 1 · References 3

Prion
added 2023/12/02 7:15 p.m. · 10 views

Cross site scripting

A vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue affects some unknown processing of the file app\content\cls\api.cls.php of the component Content Section Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Th...

CVSS 3.3 · AI score 6.5 · EPSS 0.00064
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2023/12/02 6:31 p.m. · 20 views

CVE-2023-6472 PHPEMS Content Section api.cls.php cross site scripting

A vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue affects some unknown processing of the file app\content\cls\api.cls.php of the component Content Section Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Th...

CVSS 3.3 · AI score 5.2 · EPSS 0.00064
Exploits 1 · References 3

CVE
added 2023/12/02 6:31 p.m. · 34 views

CVE-2023-6472

PHPEMS 7.0 contains a Cross-Site Scripting (XSS) flaw in the Content Section Handler, specifically in the file app\content\cls\api.cls.php. The issue is executable remotely and the exploit has been disclosed publicly, with multiple sources confirming the affected component and path. Practical imp...

CVSS 4.8 · AI score 4.3 · EPSS 0.00064
Exploits 1 · References 3 · Affected Software 1

CNVD
added 2021/03/29 12:0 a.m. · 2 views

XSS vulnerability in PHPEMS online practice exam system (CNVD-2021-26026)

PHPEMS online mock exam system is based on PHP Mysql development of an open source and free PHP paperless mock exam system. PHPEMS Online Mock Exam System has an xss vulnerability that can be exploited by attackers to obtain user cookies...

AI score 7.1
Exploits 0

CNVD
added 2021/03/18 12:0 a.m. · 3 views

Code execution vulnerability in phpems

phpems is an open source free PHP paperless mock exam system. phpems has a code execution vulnerability that can be exploited by an attacker to gain control of the server...

AI score 7.9
Exploits 0

CNVD
added 2020/11/05 12:0 a.m. · 1 views

Command execution vulnerability in PHPEMS backend (CNVD-2020-64558)

PHPEMS is an open source Chinese online examination system, the system is based on PHP for development, is a collection of online exams, video playback and other functions, on the operation of the simple domestic boutique system. PHPEMS backend command execution vulnerability, attackers can use...

AI score 7.2
Exploits 0