CVE-2025-15116

Medium CVSS: 6.3

A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Opencart

Product

Opencart

CWE

CWE-362

Yayın Tarihi

2025-12-28 03:15:40

Güncelleme

2026-02-24 07:16:57

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-362 Opencart MEDIUM Opencart 2025

Referanslar

https://gist.github.com/KhanMarshaI/a55f125a55de1c0d4f41e66236027e01 https://gist.github.com/KhanMarshaI/a55f125a55de1c0d4f41e66236027e01#steps-to-reproduce https://vuldb.com/?ctiid.338494 https://vuldb.com/?id.338494 https://vuldb.com/?submit.711745

Benzer Kayıtlar

High

CVE-2024-58341

OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate databas…

Medium

CVE-2026-3714

A vulnerability has been found in OpenCart 4.0.2.3. Affected by this issue is the function Save of the file admin/contro…

Medium

CVE-2025-45892

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerabil…

Medium

CVE-2025-45893

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog p…

Medium

CVE-2025-1747

HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to mod…

Medium

CVE-2025-1748

HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to mod…