Description

A security flaw has been discovered in OpenCart up to 4.1.0.3. It affects some unknown functionality of the component Single-Use Coupon Handler. Manipulation leads to a race condition. The attack can be initiated remotely. The attack's complexity is rated as high, and exploitation is known to be difficult. The exploit has been released to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PUBLISHED Reserved 2025-12-27 | Published 2025-12-28 | Updated 2025-12-29 | Assigner VulDB




MEDIUM: 6.3 | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
LOW: 3.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
LOW: 3.7 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
2.6 | AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

Problem types

Race Condition

Timeline

2025-12-27: Advisory disclosed
2025-12-27: VulDB entry created
2025-12-27: VulDB entry last update

Credits

KhanMarshal (VulDB User) reporter

References

vuldb.com/?id.338494 (VDB-338494 | OpenCart Single-Use Coupon race condition) vdb-entry

vuldb.com/?ctiid.338494 (VDB-338494 | CTI Indicators (IOB, IOC)) signature permissions-required

vuldb.com/?submit.711745 (Submit #711745 | OpenCart 4.1.0.3 Time-of-check Time-of-use) third-party-advisory

gist.github.com/KhanMarshaI/a55f125a55de1c0d4f41e66236027e01 related

gist.github.com/KhanMarshaI/a55f125a55de1c0d4f41e66236027e01 exploit

cve.org (CVE-2025-15116)

nvd.nist.gov (CVE-2025-15116)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.