| Title | PHPEMS <=11.0 Race Condition |
|---|---|
| Description | The coupon recharge function in PHPEMS (a web-based exam simulation system) is vulnerable to a Race Condition. By sending multiple concurrent requests with the same valid coupon code, an attacker can exploit the lack of atomicity checks on the coupon's usage status and inventory. This allows the same coupon to be recharged repeatedly, resulting in unauthorized accumulation of virtual assets (or potential financial losses if the coupons are tied to real currency) in the attacker's account. |
| Source | ⚠️ https://byebydoggy.github.io/post/2025/1229-phpems-coupon-recharge-race-condition-poc/ |
| User | byebyedoggy (UID 90091) |
| Submission | 29/12/2025 05:27 AM (4 months ago) |
| Moderation | 29/12/2025 09:16 AM (4 hours later) |
| Status | Accepted |
| VulDB Entry | 338632 [PHPEMS up to 11.0 Coupon race condition] |
| Points | 20 |