CVE-2025-6839

Name of the Vulnerable Software and Affected Versions: Conjure Position Department Service Quality Evaluation System versions up to 1.0.11

Description: A critical vulnerability has been found in the Conjure Position Department Service Quality Evaluation System. The issue affects the eval function of the file public/assets/less/bootstrap-less/mixins/head.php. The manipulation of the payload argument leads to a backdoor. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations: For Conjure Position Department Service Quality Evaluation System versions up to 1.0.11, consider disabling the eval function in the public/assets/less/bootstrap-less/mixins/head.php file as a temporary workaround until a patch is available. Restrict access to the public/assets/less/bootstrap-less/mixins/head.php file to minimize the risk of exploitation. Avoid using the payload argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.