{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6839", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-06-27T18:38:39.170Z", "datePublished": "2025-06-29T01:31:08.475Z", "dateUpdated": "2025-06-30T20:14:14.689Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-29T01:31:08.475Z"}, "title": "Conjure Position Department Service Quality Evaluation System head.php eval backdoor", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-912", "lang": "en", "description": "Backdoor"}]}], "affected": [{"vendor": "Conjure", "product": "Position Department Service Quality Evaluation System", "versions": [{"version": "1.0.0", "status": "affected"}, {"version": "1.0.1", "status": "affected"}, {"version": "1.0.2", "status": "affected"}, {"version": "1.0.3", "status": "affected"}, {"version": "1.0.4", "status": "affected"}, {"version": "1.0.5", "status": "affected"}, {"version": "1.0.6", "status": "affected"}, {"version": "1.0.7", "status": "affected"}, {"version": "1.0.8", "status": "affected"}, {"version": "1.0.9", "status": "affected"}, {"version": "1.0.10", "status": "affected"}, {"version": "1.0.11", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the file public/assets/less/bootstrap-less/mixins/head.php. The manipulation of the argument payload leads to backdoor. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in Conjure Position Department Service Quality Evaluation System bis 1.0.11 entdeckt. Dies betrifft die Funktion eval der Datei public/assets/less/bootstrap-less/mixins/head.php. Dank Manipulation des Arguments payload mit unbekannten Daten kann eine backdoor-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:W/RC:UR"}}], "timeline": [{"time": "2025-06-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-06-27T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-27T20:43:47.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "YELEIPENG (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.314282", "name": "VDB-314282 | Conjure Position Department Service Quality Evaluation System head.php eval backdoor", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.314282", "name": "VDB-314282 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.603176", "name": "Submit #603176 | conjure Position Department Service Quality Evaluation System <=1.0.11 Command Shell in Externally Accessible Directory", "tags": ["third-party-advisory"]}, {"url": "https://note-hxlab.wetolink.com/share/LZJIef0phS6B", "tags": ["related"]}, {"url": "https://note-hxlab.wetolink.com/share/LZJIef0phS6B#proof-of-concept-", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-30T20:13:55.594878Z", "id": "CVE-2025-6839", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-30T20:14:14.689Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6839", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-30T20:13:55.594878Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-30T20:14:07.227Z"}}], "cna": {"title": "Conjure Position Department Service Quality Evaluation System head.php eval backdoor", "credits": [{"lang": "en", "type": "reporter", "value": "YELEIPENG (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:W/RC:UR"}}], "affected": [{"vendor": "Conjure", "product": "Position Department Service Quality Evaluation System", "versions": [{"status": "affected", "version": "1.0.0"}, {"status": "affected", "version": "1.0.1"}, {"status": "affected", "version": "1.0.2"}, {"status": "affected", "version": "1.0.3"}, {"status": "affected", "version": "1.0.4"}, {"status": "affected", "version": "1.0.5"}, {"status": "affected", "version": "1.0.6"}, {"status": "affected", "version": "1.0.7"}, {"status": "affected", "version": "1.0.8"}, {"status": "affected", "version": "1.0.9"}, {"status": "affected", "version": "1.0.10"}, {"status": "affected", "version": "1.0.11"}]}], "timeline": [{"lang": "en", "time": "2025-06-27T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-06-27T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-06-27T20:43:47.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.314282", "name": "VDB-314282 | Conjure Position Department Service Quality Evaluation System head.php eval backdoor", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.314282", "name": "VDB-314282 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.603176", "name": "Submit #603176 | conjure Position Department Service Quality Evaluation System <=1.0.11 Command Shell in Externally Accessible Directory", "tags": ["third-party-advisory"]}, {"url": "https://note-hxlab.wetolink.com/share/LZJIef0phS6B", "tags": ["related"]}, {"url": "https://note-hxlab.wetolink.com/share/LZJIef0phS6B#proof-of-concept-", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the file public/assets/less/bootstrap-less/mixins/head.php. The manipulation of the argument payload leads to backdoor. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in Conjure Position Department Service Quality Evaluation System bis 1.0.11 entdeckt. Dies betrifft die Funktion eval der Datei public/assets/less/bootstrap-less/mixins/head.php. Dank Manipulation des Arguments payload mit unbekannten Daten kann eine backdoor-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-912", "description": "Backdoor"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-29T01:31:08.475Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6839", "state": "PUBLISHED", "dateUpdated": "2025-06-30T20:14:14.689Z", "dateReserved": "2025-06-27T18:38:39.170Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-06-29T01:31:08.475Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the file public/assets/less/bootstrap-less/mixins/head.php. The manipulation of the argument payload leads to backdoor. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en Conjure Position Department Service Quality Evaluation System (hasta la versi\u00f3n 1.0.11). Este problema afecta a la funci\u00f3n eval del archivo public/assets/less/bootstrap-less/mixins/head.php. La manipulaci\u00f3n del payload del argumento genera una puerta trasera. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."}], "id": "CVE-2025-6839", "lastModified": "2025-06-30T18:38:23.493", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-06-29T02:15:21.747", "references": [{"source": "[email protected]", "url": "https://note-hxlab.wetolink.com/share/LZJIef0phS6B"}, {"source": "[email protected]", "url": "https://note-hxlab.wetolink.com/share/LZJIef0phS6B#proof-of-concept-"}, {"source": "[email protected]", "url": "https://vuldb.com/?ctiid.314282"}, {"source": "[email protected]", "url": "https://vuldb.com/?id.314282"}, {"source": "[email protected]", "url": "https://vuldb.com/?submit.603176"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-912"}], "source": "[email protected]", "type": "Primary"}]}

{}