CVE-2026-6573

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...

EUVD-2026-23703

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...

CVE-2026-6573

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...

CVE-2026-6573

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...

PT-2026-33631

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely...

PHPEMS 安全漏洞

PHPEMS is an open-source PHP online simulation exam system. Version PHPEMS 11.0 contains a security vulnerability, which stems from the operation of the uploadfile parameter in the file /app/exam/controller/exams.master.php. This operation leads to server-side request forgeing, potentially allowi...

PT-2024-38276 · Baidu · Baidu Ueditor

Name of the Vulnerable Software and Affected Versions: Baidu UEditor version 1.4.3.3 Description: A vulnerability was found in Baidu UEditor, affecting an unknown part of the file "/ueditor/php/controller.php?action=uploadfile&encode=utf-8". The manipulation of the upfile argument leads to...

71CMS Security Breach

71CMS is xiaocheng-keji open source a smart party building system. 71CMS v.1.0.0 version has a security vulnerability. Attackers use this vulnerability to execute arbitrary code via the uploadfile parameter in the controller.php file...

PT-2024-20794 · 71Cms · 71Cms

Name of the Vulnerable Software and Affected Versions: 71CMS version 1.0.0 Description: The issue allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file. This is a Cross Site Scripting vulnerability. Recommendations: For 71CMS version...

CVE-2023-1484

A vulnerability was found in xzjie cms up to 1.0.3 and classified as critical. This issue affects some unknown processing of the file /api/upload. The manipulation of the argument uploadFile leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this...

PT-2023-17021 · Xzjie Cms · Xzjie Cms

Name of the Vulnerable Software and Affected Versions: xzjie cms versions up to 1.0.3 Description: A critical issue affects the processing of the file "/api/upload". The manipulation of the uploadFile argument leads to unrestricted upload. The attack can be initiated remotely. Recommendations: Fo...

xzjie cms 代码问题漏洞

xzjie cms is xzjie individual developers of the cloud tower guest - cabin content publishing system. A code issue vulnerability exists in xzjie cms 1.0.3 and earlier versions, which stems from a problem with files/api/upload, where manipulation of the parameter uploadFile can lead to unrestricted...

XOOPS Cube PROJECT FileManager - xupload.php Arbitrary File Upload

XOOPS Cube PROJECT FileManager - xupload.php Arbitrary File Upload source: https://www.securityfocus.com/bid/53945/info FileManager is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An...