VYPR
Vendor: CE Phoenix

Products: 2
CVEs: 5
Across products: 6
Status: Private

Recent CVEs (5)
  • CVE-2024-25415 | High | Feb 16, 2024
    risk 0.49 | cvss 7.2 | epss 0.27

    A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.

  • CVE-2025-47289 | Medium | Jun 2, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the…

  • CVE-2024-58296 | Medium | Dec 11, 2025
    risk 0.34 | cvss | epss 0.00

    CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the…

  • CVE-2024-26521 | Medium | Mar 12, 2024
    risk 0.31 | cvss 4.8 | epss 0.01

    HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component.

  • CVE-2025-47272 | Medium | Jun 2, 2025
    risk 0.29 | cvss 5.5 | epss 0.00

    The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public…