Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2025/06/04 11:20 a.m.9 views

CVE-2025-47272

The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session e.g., on a shared/public machine could...

5.5CVSS6.8AI score0.00142EPSS
Exploits0References1
NVD
NVD
added 2025/06/02 11:15 a.m.12 views

CVE-2025-47272

The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session e.g., on a shared/public machine could...

5.5CVSS0.00142EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/02 10:47 a.m.19 views

CVE-2025-47272 PhoenixCart Vulnerable to Account Deletion Without Password Confirmation

The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session e.g., on a shared/public machine could...

5.5CVSS0.00142EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/02 10:47 a.m.10 views

CVE-2025-47272 PhoenixCart Vulnerable to Account Deletion Without Password Confirmation

The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session e.g., on a shared/public machine could...

5.5CVSS6.8AI score0.00142EPSS
Exploits0References2
CVE
CVE
added 2025/06/02 10:47 a.m.48 views

CVE-2025-47272

CVE-2025-47272 affects CE Phoenix eCommerce (PhoenixCart) platforms versions 1.0.9.7 through 1.1.0.3, where logged-in users could delete their accounts without password re-authentication (session-based acceptance). Root cause: lack of re-auth for account deletion. Impact: potential permanent acco...

5.5CVSS5.4AI score0.00142EPSS
Exploits0References2
OSV
OSV
added 2025/06/02 10:47 a.m.6 views

CVE-2025-47272 PhoenixCart Vulnerable to Account Deletion Without Password Confirmation

The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session e.g., on a shared/public machine could...

5.5CVSS6.7AI score0.00142EPSS
Exploits0References4
Rows per page
Query Builder