| Titre | PHPEMS <=11.0 Race Condition |
|---|
| Description | The coupon recharge function in PHPEMS (a web-based exam simulation system) is vulnerable to a Race Condition. By sending multiple concurrent requests with the same valid coupon code, an attacker can exploit the lack of atomicity checks on the coupon's usage status and inventory. This allows the same coupon to be recharged repeatedly, resulting in unauthorized accumulation of virtual assets (or potential financial losses if the coupons are tied to real currency) in the attacker's account. |
|---|
| La source | ⚠️ https://byebydoggy.github.io/post/2025/1229-phpems-coupon-recharge-race-condition-poc/ |
|---|
| Utilisateur | byebyedoggy (UID 90091) |
|---|
| Soumission | 29/12/2025 05:27 (il y a 4 mois) |
|---|
| Modérer | 29/12/2025 09:16 (4 hours later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 338632 [PHPEMS jusqu’à 11.0 Coupon race condition] |
|---|
| Points | 20 |
|---|