What is GHSA-m7f5-wrrg-p669?

GHSA-m7f5-wrrg-p669 is a security advisory published by GitHub Security Advisories with Medium severity. ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote...

Which CVE IDs does GHSA-m7f5-wrrg-p669 cover?

GHSA-m7f5-wrrg-p669 covers the following CVE IDs: CVE-2025-67031. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-m7f5-wrrg-p669?

GHSA-m7f5-wrrg-p669 has a CVSS v3 base score of 6.3, published by GitHub Security Advisories.

GHSA-m7f5-wrrg-p669MediumCVSS 6.3

ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote...

Vendor

GitHub Security Advisories

Published

May 15, 2026

Last Modified

May 18, 2026

🔗 CVE IDs covered (1)

CVE-2025-67031 →

📋 Description

ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values beginning with the prefix "func:" which are passed directly into an eval() call inside tagsets/participant.php and tagsets/options.php.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2025-67031
https://github.com/orsee/orsee/archive/refs/tags/orsee_3.1.0.zip
https://medium.com/@erabhishekshroti/cve-2025-67031-remote-code-execution-in-orsee-3-1-0-2bfc71d6d5eb
https://github.com/advisories/GHSA-m7f5-wrrg-p669