A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-01-01
A vulnerability has been found in PHPEMS up to 11.0. This impacts an unknown function of the component Purchase Request Handler. The manipulation leads to race condition. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used.
CVSS Score
3.7
EPSS Score
0.002
Published
2025-12-30
A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function of the component Coupon Handler. Performing manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit is now public and may be used.
CVSS Score
3.1
EPSS Score
0.0
Published
2025-12-30
A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and may be used. VDB-253226 is the identifier assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-02-09