Unrated severityNVD Advisory· Published Jan 1, 2026· Updated Feb 23, 2026

PHPEMS cross-site request forgery

CVE-2025-15405

Description

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely.

Affected products

Phpems/Phpemsv52 versions
cpe:2.3:a:phpems:phpems:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:phpems:phpems:*:*:*:*:*:*:*:*range: 11.0
- (no CPE)range: <=11.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

byebydoggy.github.io/post/2025/1231-phpems-csrf-poc/mitreexploit
vuldb.commitrethird-party-advisory
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entry

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000