VYPR

CE Phoenix

by CE Phoenix

CVEs (4)

  • CVE-2024-25415 | High | Feb 16, 2024
    risk 0.49 | cvss 7.2 | epss 0.27

    A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.

  • CVE-2025-47289 | Medium | Jun 2, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the…

  • CVE-2024-58296 | Medium | Dec 11, 2025
    risk 0.34 | cvss | epss 0.00

    CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the…

  • CVE-2024-26521 | Medium | Mar 12, 2024
    risk 0.31 | cvss 4.8 | epss 0.01

    HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component.