CVE-2025-47272 PhoenixCart Vulnerable to Account Deletion Without Password Confirmation
The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public machine) could...
CVE-2023-29498
An improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC Loader v1.1.0.3 and earlier. If a user opens a specially crafted project file, sensitive information on the system where the affected product is installed may be disclosed...
PT-2023-22182 · Unknown · Frenic Rhc Loader
Name of the Vulnerable Software and Affected Versions: FRENIC RHC Loader version 1.1.0.3 Description: An out-of-bounds read issue exists, potentially allowing disclosure of sensitive system information or execution of arbitrary code when a specially crafted FNE file is opened. Recommendations: Fo...
PT-2023-22282 · Unknown · Frenic Rhc Loader
Name of the Vulnerable Software and Affected Versions: FRENIC RHC Loader versions 1.1.0.3 and earlier Description: An issue exists due to improper restriction of XML external entity reference (XXE), which may lead to the disclosure of sensitive information on the system where the affected product i...
PT-2023-22178 · Unknown · Frenic Rhc Loader
Name of the Vulnerable Software and Affected Versions: FRENIC RHC Loader version 1.1.0.3 Description: A stack-based buffer overflow issue exists, potentially allowing sensitive information disclosure or arbitrary code execution if a user opens a specially crafted FNE file. Recommendations: For...