Description

A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Remediation

References

CVE-2025-15116

Related Vulnerabilities

WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (4.0.9)

MongoDb Improper Neutralization of Null Byte or NUL Character Vulnerability (CVE-2024-10921)

Internet Information Services Other Vulnerability (CVE-2001-0096)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-12648)

WordPress Plugin WP-Members Membership Cross-Site Scripting (3.4.9.2)

Severity

Medium

Classification

CVE-2025-15116 CWE-362 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Tags

Missing Update Known Vulnerabilities