CNNVD-202512-5460 Information

CNNVD ID

CNNVD-202512-5460

Related CVE

CVE-2025-15242

• CNNVD Published: 2025-12-30

Description (Chinese)

PHPEMS是PHPEMS开源的一个PHP在线模拟考试系统。 PHPEMS 11.0及之前版本存在竞争条件问题漏洞，该漏洞源于组件Coupon Handler存在竞争条件，可能导致竞争条件攻击。

Description (English)

PHPEMS is an open source of PHPEMS, an online PHP simulation examination system. PHPEMS 11.0 and previous versions have a gap in competition conditions, which stems from the existence of competitive conditions in component Coupon Handler, which may lead to attacks on competitive conditions.

Hazard Level

Critical

Vulnerability Type

竞争条件问题

Affected Vendor

PHPEMS

Published

2025-12-30

Last Modified

2026-02-24

References

https://byebydoggy.github.io/post/2025/1229-phpems-coupon-recharge-race-condition-poc/ https://vuldb.com/?submit.725661 https://vuldb.com/?ctiid.338632 https://vuldb.com/?id.338632