CVE-2025-67031
6.3 MEDIUMORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote Code Execution vulnerability in the par...
Published: 2026-05-15 · Last updated: 2026-05-18
Severity and scoring
- CVSS
- 6.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-94
Description
ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values beginning with the prefix "func:" which are passed directly into an eval() call inside tagsets/participant.php and tagsets/options.php.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-24155 — NVIDIA NeMo Framework for all platforms contains a code injection vulnerability (7.8 HIGH)
- CVE-2026-49774 — Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion (9.9 CRITICAL)
- CVE-2026-48017 — DbGate is cross-platform database manager (8.8 HIGH)
- CVE-2026-48836 — Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions (10.0 CRITICAL)
- CVE-2026-48124 — Cursor is a code editor built for programming with AI