Phoenixcart Ce Phoenix Cart vulnerabilities
2 known vulnerabilities affecting phoenixcart/ce_phoenix_cart.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2024-25415P3HIGHCVSS 7.2v1.0.8.202024-02-16
CVE-2024-25415 [HIGH] CWE-94 CVE-2024-25415: A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 al
A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.
nvd
CVE-2025-47289P3CRITICALCVSS 9.0fixed in 1.1.0.32025-06-02
CVE-2025-47289 [CRITICAL] CWE-1004 CVE-2025-47289: CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerabil
CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner (admin) approves the testimonial, the script executes in t
nvd