fkie_cve-2025-47272
Vulnerability from fkie_nvd
Published
2025-06-02 11:15
Modified
2025-06-02 17:32
Severity ?
Summary
The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public machine) could permanently delete the user’s account without knowledge of the password. This bypass of re-authentication puts users at risk of account loss and data disruption. Version 1.1.0.3 contains a patch for the issue.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public machine) could permanently delete the user\u2019s account without knowledge of the password. This bypass of re-authentication puts users at risk of account loss and data disruption. Version 1.1.0.3 contains a patch for the issue."
},
{
"lang": "es",
"value": "La plataforma CE Phoenix eCommerce, a partir de la versi\u00f3n 1.0.9.7 y anteriores a la 1.1.0.3, permit\u00eda a los usuarios conectados eliminar sus cuentas sin necesidad de volver a autenticar la contrase\u00f1a. Un atacante con acceso temporal a una sesi\u00f3n autenticada (por ejemplo, en una m\u00e1quina compartida o p\u00fablica) podr\u00eda eliminar permanentemente la cuenta del usuario sin conocer la contrase\u00f1a. Esta omisi\u00f3n de la reautenticaci\u00f3n pone a los usuarios en riesgo de p\u00e9rdida de cuenta e interrupci\u00f3n de datos. La versi\u00f3n 1.1.0.3 incluye un parche para este problema."
}
],
"id": "CVE-2025-47272",
"lastModified": "2025-06-02T17:32:17.397",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-06-02T11:15:22.557",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/CE-PhoenixCart/PhoenixCart/commit/e87162b15d31c4126acfc1aad6108e5b9955bb76"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/CE-PhoenixCart/PhoenixCart/security/advisories/GHSA-62qj-pvwm-h8cv"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…