PT-2026-1007 · Phpems · Phpems
Byebyedoggy
·
Published
2026-01-01
·
Updated
2026-01-01
·
CVE-2025-15405
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PHPEMS versions up to 11.0
Description
A cross-site request forgery condition exists in PHPEMS. The issue is triggered by manipulation of an unknown function and can be exploited remotely.
Recommendations
Versions prior to 11.0 should be updated.
Exploit
Fix
CSRF
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Phpems