PHPEMS 11.0: Malicious File Upload Can Hijack Server Requests
CVE-2026-6573
Summary
The Instant Exam Creation Handler in PHPEMS 11.0 can be tricked through its uploadfile argument into making server-side requests chosen by a remote attacker (server-side request forgery). This could potentially lead to unauthorized actions. Update the PHPEMS software to a patched version as soon as possible to prevent exploitation.
Original title
A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of...
Original description
A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely. The exploit is now public and may be used.
NVD CVSS 2.0
6.5
NVD CVSS 3.1
6.3
NVD CVSS 4.0
5.3
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
Published: 19 Apr 2026 · Updated: 19 Apr 2026 · First seen: 19 Apr 2026