CVE-2026-6573

Name of the Vulnerable Software and Affected Versions PHPEMS version 11.0

Description An issue exists in the Instant Exam Creation Handler component within the temppage function of the '/app/exam/controller/exams.master.php' file. Remote manipulation of the uploadfile argument allows for server-side request forgery, a flaw where an attacker can induce the server-side application to make requests to an unintended location.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.