Enviar #725661: PHPEMS <=11.0 Race Conditioninformación

TítuloPHPEMS <=11.0 Race Condition
DescripciónThe coupon recharge function in PHPEMS (a web-based exam simulation system) is vulnerable to a Race Condition. By sending multiple concurrent requests with the same valid coupon code, an attacker can exploit the lack of atomicity checks on the coupon's usage status and inventory. This allows the same coupon to be recharged repeatedly, resulting in unauthorized accumulation of virtual assets (or potential financial losses if the coupons are tied to real currency) in the attacker's account.
Fuente⚠️ https://byebydoggy.github.io/post/2025/1229-phpems-coupon-recharge-race-condition-poc/
Usuario
 byebyedoggy (UID 90091)
Sumisión2025-12-29 05:27 (hace 4 meses)
Moderación2025-12-29 09:16 (4 hours later)
EstadoAceptado
Entrada de VulDB338632 [PHPEMS hasta 11.0 Coupon condición de carrera]
Puntos20

AnteriorVisión De ConjuntoPróximo

Interested in the pricing of exploits?

See the underground prices here!