cvedb.io
CVE-2025-67031
MEDIUM · CVSS 6.3
EPSS exploitation probability: 0%
Published 2026-05-15T20:16:45.120 · Last modified 2026-06-17T09:57:23.050

Summary

ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values beginning with the prefix "func:" which are passed directly into an eval() call inside tagsets/participant.php and tagsets/options.php.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.