Description

The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public machine) could permanently delete the user’s account without knowledge of the password. This bypass of re-authentication puts users at risk of account loss and data disruption. Version 1.1.0.3 contains a patch for the issue.

INFO

Published Date :

2025-06-02T10:47:53.761Z

Last Modified :

2025-06-02T11:43:22.588Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-47272 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-47272.

URL Resource
https://github.com/CE-PhoenixCart/PhoenixCart/commit/e87162b15d31c4126acfc1aad6108e5b9955bb76 cve-icon cve-icon
https://github.com/CE-PhoenixCart/PhoenixCart/security/advisories/GHSA-62qj-pvwm-h8cv cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact