exploitDog

CVE-2025-15244

Опубликовано: 30 дек. 2025

Источник: nvd

CVSS3: 3.7

CVSS2: 2.6

EPSS Низкий

Описание

A vulnerability has been found in PHPEMS up to 11.0. This impacts an unknown function of the component Purchase Request Handler. The manipulation leads to race condition. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used.

Ссылки

https://byebydoggy.github.io/post/2025/1229-phpems-points-race-condition-poc/
Exploit
Mitigation
Third Party Advisory
https://vuldb.com/?ctiid.338634
Permissions Required
VDB Entry
https://vuldb.com/?id.338634
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.725727
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpems:phpems:*:*:*:*:*:*:*:*

Версия до 11.0 (включая)

EPSS

Процентиль: 31%

0.00118

Низкий

3.7 Low

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-362

Связанные уязвимости

GHSA-fr44-mp8q-2m5q

CVSS3: 3.7

github

около 1 месяца назад

A vulnerability has been found in PHPEMS up to 11.0. This impacts an unknown function of the component Purchase Request Handler. The manipulation leads to race condition. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used.

EPSS

Процентиль: 31%

0.00118

Низкий

3.7 Low

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-362