Description
A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely. The exploit is now public and may be used.
Published: 2026-04-19
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: Server‑Side Request Forgery (SSRF)
Action: Immediate Patch
AI Analysis

Impact

A flaw in PHPEMS version 11.0 occurs in the temppage function of the /app/exam/controller/exams.master.php file. The uploadfile parameter is not properly validated, allowing an attacker to supply arbitrary values that cause the application server to issue HTTP requests to any target URL. This Server‑Side Request Forgery can be triggered remotely, which enables a remote attacker to force the server to access external or internal resources.

Affected Systems

PHPEMS 11.0 is affected; the vulnerability resides in the Instant Exam Creation Handler component, specifically the temppage endpoint that processes the uploadfile argument.

Risk and Exploitability

The reported CVSS score of 5.3 places the issue in the medium severity range. EPSS data is not available, but the public availability of exploit code suggests that the flaw is likely to be used by threat actors. The attack can be carried out from outside the network because it only requires sending an HTTP request to the PHPEMS instance. Based on typical SSRF behavior, an attacker might be able to retrieve data from internal services if the server’s outbound policy does not restrict access, or otherwise direct traffic to arbitrary destinations. The vulnerability is not listed in the CISA KEV catalog, yet its remote nature and public exploit code warrant prompt remediation.

Generated by OpenCVE AI on April 19, 2026 at 15:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • If a vendor patch is not yet released, remove or disable the temppage endpoint from the PHPEMS application
  • Configure a web‑application firewall to block or reject requests that contain the uploadfile parameter
  • Implement outbound firewall rules to restrict the server’s HTTP(S) traffic to a whitelist of trusted destinations and block access to internal IP ranges

Generated by OpenCVE AI on April 19, 2026 at 15:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 19 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely. The exploit is now public and may be used.
Title PHPEMS Instant Exam Creation exams.master.php temppage server-side request forgery
First Time appeared Phpems
Phpems phpems
Weaknesses CWE-918
CPEs cpe:2.3:a:phpems:phpems:*:*:*:*:*:*:*:*
Vendors & Products Phpems
Phpems phpems
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Phpems Phpems
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-19T12:45:14.558Z

Reserved: 2026-04-18T19:47:53.569Z

Link: CVE-2026-6573

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-19T13:16:46.187

Modified: 2026-04-19T13:16:46.187

Link: CVE-2026-6573

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-19T15:15:15Z

Weaknesses