CNNVD-202512-5457 Information

CNNVD ID

CNNVD-202512-5457

Related CVE

CVE-2025-15244

• CNNVD Published: 2025-12-30

Description (Chinese)

PHPEMS是一个PHP在线模拟考试系统。 PHPEMS 11.0及之前版本存在竞争条件问题漏洞，该漏洞源于组件Purchase Request Handler存在竞争条件，可能导致竞争条件攻击。

Description (English)

PHPEMS is an online PHP simulation examination system. PHPEMS 11.0 and previous versions have a gap in competition conditions, which stems from the existence of competitive conditions for component Purchase Request Handler, which may lead to an attack on competitive conditions.

Hazard Level

Critical

Vulnerability Type

竞争条件问题

Affected Vendor

个人开发者

Published

2025-12-30

Last Modified

2026-02-24

References

https://byebydoggy.github.io/post/2025/1229-phpems-points-race-condition-poc/ https://vuldb.com/?ctiid.338634 https://vuldb.com/?id.338634 https://vuldb.com/?submit.725727