Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities by Conjure

    CVE-2025-6839 (GCVE-0-2025-6839)

    Vulnerability from nvd – Published: 2025-06-29 01:31 – Updated: 2025-06-30 20:14
    VLAI
    Title
    Conjure Position Department Service Quality Evaluation System head.php eval backdoor
    Summary
    A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the file public/assets/less/bootstrap-less/mixins/head.php. The manipulation of the argument payload leads to backdoor. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Conjure Position Department Service Quality Evaluation System Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Affected: 1.0.4
    Affected: 1.0.5
    Affected: 1.0.6
    Affected: 1.0.7
    Affected: 1.0.8
    Affected: 1.0.9
    Affected: 1.0.10
    Affected: 1.0.11
    Create a notification for this product.
    Credits
    YELEIPENG (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6839",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T20:13:55.594878Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T20:14:14.689Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Position Department Service Quality Evaluation System",
              "vendor": "Conjure",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.0.6"
                },
                {
                  "status": "affected",
                  "version": "1.0.7"
                },
                {
                  "status": "affected",
                  "version": "1.0.8"
                },
                {
                  "status": "affected",
                  "version": "1.0.9"
                },
                {
                  "status": "affected",
                  "version": "1.0.10"
                },
                {
                  "status": "affected",
                  "version": "1.0.11"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "YELEIPENG (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the file public/assets/less/bootstrap-less/mixins/head.php. The manipulation of the argument payload leads to backdoor. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in Conjure Position Department Service Quality Evaluation System bis 1.0.11 entdeckt. Dies betrifft die Funktion eval der Datei public/assets/less/bootstrap-less/mixins/head.php. Dank Manipulation des Arguments payload mit unbekannten Daten kann eine backdoor-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:W/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-912",
                  "description": "Backdoor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-29T01:31:08.475Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-314282 | Conjure Position Department Service Quality Evaluation System head.php eval backdoor",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.314282"
            },
            {
              "name": "VDB-314282 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.314282"
            },
            {
              "name": "Submit #603176 | conjure Position Department Service Quality Evaluation System \u003c=1.0.11 Command Shell in Externally Accessible Directory",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.603176"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://note-hxlab.wetolink.com/share/LZJIef0phS6B"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://note-hxlab.wetolink.com/share/LZJIef0phS6B#proof-of-concept-"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-27T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-06-27T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-06-27T20:43:47.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Conjure Position Department Service Quality Evaluation System head.php eval backdoor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-6839",
        "datePublished": "2025-06-29T01:31:08.475Z",
        "dateReserved": "2025-06-27T18:38:39.170Z",
        "dateUpdated": "2025-06-30T20:14:14.689Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6839 (GCVE-0-2025-6839)

    Vulnerability from cvelistv5 – Published: 2025-06-29 01:31 – Updated: 2025-06-30 20:14
    VLAI
    Title
    Conjure Position Department Service Quality Evaluation System head.php eval backdoor
    Summary
    A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the file public/assets/less/bootstrap-less/mixins/head.php. The manipulation of the argument payload leads to backdoor. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Conjure Position Department Service Quality Evaluation System Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Affected: 1.0.4
    Affected: 1.0.5
    Affected: 1.0.6
    Affected: 1.0.7
    Affected: 1.0.8
    Affected: 1.0.9
    Affected: 1.0.10
    Affected: 1.0.11
    Create a notification for this product.
    Credits
    YELEIPENG (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6839",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T20:13:55.594878Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T20:14:14.689Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Position Department Service Quality Evaluation System",
              "vendor": "Conjure",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.0.6"
                },
                {
                  "status": "affected",
                  "version": "1.0.7"
                },
                {
                  "status": "affected",
                  "version": "1.0.8"
                },
                {
                  "status": "affected",
                  "version": "1.0.9"
                },
                {
                  "status": "affected",
                  "version": "1.0.10"
                },
                {
                  "status": "affected",
                  "version": "1.0.11"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "YELEIPENG (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the file public/assets/less/bootstrap-less/mixins/head.php. The manipulation of the argument payload leads to backdoor. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in Conjure Position Department Service Quality Evaluation System bis 1.0.11 entdeckt. Dies betrifft die Funktion eval der Datei public/assets/less/bootstrap-less/mixins/head.php. Dank Manipulation des Arguments payload mit unbekannten Daten kann eine backdoor-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:W/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-912",
                  "description": "Backdoor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-29T01:31:08.475Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-314282 | Conjure Position Department Service Quality Evaluation System head.php eval backdoor",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.314282"
            },
            {
              "name": "VDB-314282 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.314282"
            },
            {
              "name": "Submit #603176 | conjure Position Department Service Quality Evaluation System \u003c=1.0.11 Command Shell in Externally Accessible Directory",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.603176"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://note-hxlab.wetolink.com/share/LZJIef0phS6B"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://note-hxlab.wetolink.com/share/LZJIef0phS6B#proof-of-concept-"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-27T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-06-27T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-06-27T20:43:47.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Conjure Position Department Service Quality Evaluation System head.php eval backdoor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-6839",
        "datePublished": "2025-06-29T01:31:08.475Z",
        "dateReserved": "2025-06-27T18:38:39.170Z",
        "dateUpdated": "2025-06-30T20:14:14.689Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }