CVE-2025-6839

Summary

A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the file public/assets/less/bootstrap-less/mixins/head.php. The manipulation of the argument payload leads to backdoor. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
ConjurePosition Department Service Quality Evaluation System1.0.0affected
ConjurePosition Department Service Quality Evaluation System1.0.1affected
ConjurePosition Department Service Quality Evaluation System1.0.2affected
ConjurePosition Department Service Quality Evaluation System1.0.3affected
ConjurePosition Department Service Quality Evaluation System1.0.4affected
ConjurePosition Department Service Quality Evaluation System1.0.5affected
ConjurePosition Department Service Quality Evaluation System1.0.6affected
ConjurePosition Department Service Quality Evaluation System1.0.7affected
ConjurePosition Department Service Quality Evaluation System1.0.8affected
ConjurePosition Department Service Quality Evaluation System1.0.9affected
ConjurePosition Department Service Quality Evaluation System1.0.10affected
ConjurePosition Department Service Quality Evaluation System1.0.11affected

Weaknesses

  • CWE-912: Backdoor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References