Byebyedoggy

**Name of the Vulnerable Software and Affected Versions** PHPEMS versions up to 11.0 **Description** A cross-site request forgery condition exists in PHPEMS. The issue is triggered by manipulation of an unknown function and can be exploited remotely. **Recommendations** Versions prior to 11.0 should be updated.

**Name of the Vulnerable Software and Affected Versions** PHPEMS versions prior to 11.1 **Description** A race condition exists in the Coupon Handler component of PHPEMS. This issue can be exploited remotely, though the complexity of an attack is considered high and exploitability is difficult. The exploit is publicly available. The vulnerable element is an unknown function within the Coupon Handler. **Recommendations** Update PHPEMS to version 11.1 or later.

**Name of the Vulnerable Software and Affected Versions** PHPEMS versions prior to 11.1 **Description** A flaw exists in PHPEMS related to the Purchase Request Handler component. This issue results in a race condition that can be triggered remotely. Exploitation requires a high level of complexity and is considered difficult. The details of the exploit have been publicly disclosed. **Recommendations** Update PHPEMS to version 11.1 or later.