exploitDog

CVE-2025-15242

Опубликовано: 30 дек. 2025

Источник: nvd

CVSS3: 3.1

CVSS2: 2.1

EPSS Низкий

Описание

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function of the component Coupon Handler. Performing manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit is now public and may be used.

Ссылки

https://byebydoggy.github.io/post/2025/1229-phpems-coupon-recharge-race-condition-poc/
Exploit
Mitigation
Third Party Advisory
https://vuldb.com/?ctiid.338632
Permissions Required
VDB Entry
https://vuldb.com/?id.338632
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.725661
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpems:phpems:*:*:*:*:*:*:*:*

Версия до 11.0 (включая)

EPSS

Процентиль: 12%

0.00039

Низкий

3.1 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-362

Связанные уязвимости

GHSA-hpjv-rm6f-xw2p

CVSS3: 3.1

github

около 1 месяца назад

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function of the component Coupon Handler. Performing manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit is now public and may be used.

EPSS

Процентиль: 12%

0.00039

Низкий

3.1 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-362