CVE-2025-15405

Опубликовано: 01 янв. 2026

Источник: nvd

CVSS3: 4.3

CVSS3: 8.8

CVSS2: 5

EPSS Низкий

Описание

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely.

Ссылки

https://byebydoggy.github.io/post/2025/1231-phpems-csrf-poc/
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.339325
Permissions Required
Third Party Advisory
https://vuldb.com/?id.339325
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.728314
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpems:phpems:*:*:*:*:*:*:*:*

Версия до 11.0 (включая)

EPSS

Процентиль: 7%

0.00028

Низкий

4.3 Medium

CVSS3

8.8 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-x8m4-6wf8-65hj

CVSS3: 4.3

github

около 1 месяца назад

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely.

EPSS

Процентиль: 7%

0.00028

Низкий

4.3 Medium

CVSS3

8.8 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-352