CVE-2026-6573 | PHPEMS 11.0 Instant Exam Creation exams.master.php temppage uploadfile server-side request forgery

Inserito da Angelo Barbosa | Apr 18, 2026 | CVE

A vulnerability, which was classified as critical, was found in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery.

This vulnerability is identified as CVE-2026-6573. The attack can be executed remotely. Additionally, an exploit exists.

CVE-2026-6573 | PHPEMS 11.0 Instant Exam Creation exams.master.php temppage uploadfile server-side request forgery

Post correlati

CVE-2024-34011 | Acronis Cyber Protect Cloud Agent prior 37758 Folder default permission

CVE-2024-2833 | Jobs Plugin up to 2.7.5 on WordPress job-search cross site scripting

CVE-2025-11646 | Tomofun Furbo 360/Furbo Mini GATT Service access control

CVE-2026-21451 | Bagisto up to 2.3.9 CMS Page Editor cross site scripting (GHSA-2mwc-h2mg-v6p8)