CVE-2025-6839: Conjure Position Department Service Quality Evaluation System head.php eval backdoor
Description
A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the file public/assets/less/bootstrap-less/mixins/head.php. The manipulation of the argument payload leads to backdoor. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in Conjure Position Department Service Quality Evaluation System bis 1.0.11 entdeckt. Dies betrifft die Funktion eval der Datei public/assets/less/bootstrap-less/mixins/head.php. Dank Manipulation des Arguments payload mit unbekannten Daten kann eine backdoor-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
Classification
CVE ID: CVE-2025-6839
CVSS Base Severity: MEDIUM
CVSS Base Score: 5.3
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Problem Types
BackdoorAffected Products
Vendor: Conjure
Product: Position Department Service Quality Evaluation System
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 13.93% (scored less or equal to compared to others)
EPSS Date: 2025-07-05 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-6839https://vuldb.com/?id.314282
https://vuldb.com/?ctiid.314282
https://vuldb.com/?submit.603176
https://note-hxlab.wetolink.com/share/LZJIef0phS6B
https://note-hxlab.wetolink.com/share/LZJIef0phS6B#proof-of-concept-