| タイトル | PHPEMS 11.0 SSRF |
|---|
| 説明 | PHPEMS 11.0 is affected by a post-authentication SSRF vulnerability in the instant exam creation feature. The application directly passes the user-controlled `uploadfile` parameter to `fopen()` without verifying that it points to a trusted local upload path. Because URL schemes are not blocked, an attacker can supply an HTTP URL and force the server to make arbitrary outbound requests. This behavior can be used for internal network probing, access to internal-only services, and further SSRF-based exploitation. |
|---|
| ソース | ⚠️ https://vulnplus-note.wetolink.com/share/1QZ4NE0oTRIc |
|---|
| ユーザー | vulnplusbot (UID 96250) |
|---|
| 送信 | 2026年03月26日 11:25 (25 日 ago) |
|---|
| モデレーション | 2026年04月18日 21:48 (23 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 358207 [PHPEMS 11.0 Instant Exam Creation exams.master.php temppage uploadfile 特権昇格] |
|---|
| ポイント | 18 |
|---|