{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/119772?format=json","vulnerability_id":"VCID-vzp8-afkk-8qbe","summary":"The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public machine) could permanently delete the user’s account without knowledge of the password. This bypass of re-authentication puts users at risk of account loss and data disruption. Version 1.1.0.3 contains a patch for the issue.","aliases":[{"alias":"CVE-2025-47272"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47272","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18931","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.19096","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47272"},{"reference_url":"https://github.com/CE-PhoenixCart/PhoenixCart/commit/e87162b15d31c4126acfc1aad6108e5b9955bb76","reference_id":"e87162b15d31c4126acfc1aad6108e5b9955bb76","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T11:43:12Z/"}],"url":"https://github.com/CE-PhoenixCart/PhoenixCart/commit/e87162b15d31c4126acfc1aad6108e5b9955bb76"},{"reference_url":"https://github.com/CE-PhoenixCart/PhoenixCart/security/advisories/GHSA-62qj-pvwm-h8cv","reference_id":"GHSA-62qj-pvwm-h8cv","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T11:43:12Z/"}],"url":"https://github.com/CE-PhoenixCart/PhoenixCart/security/advisories/GHSA-62qj-pvwm-h8cv"}],"weaknesses":[{"cwe_id":306,"name":"Missing Authentication for Critical Function","description":"The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources."}],"exploits":[],"severity_range_score":"5.5 - 5.5","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vzp8-afkk-8qbe"}