EPSS Percentile: 31.7%
Both the p_name and p_desc parameters are vulnerable. The form has no nonce, so it is also vulnerable to CSRF. The original researcher’s PoC does not work, because all parameters must be submitted, not just the p_name parameter.
seclists.org/bugtraq/2015/Dec/13