PT-2026-4527 · Aptsys · Gems Loyalty Php Backend
Published: 2026-01-23 · Updated: 2026-02-11 · CVE-2025-52022
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Gems Loyalty PHP Backend versions through 2025-05-28
Description
A flaw in the PHP backend of gemsloyalty.aptsys.com.sg allows unauthenticated remote attackers to trigger detailed error messages. These messages reveal internal file paths, code snippets, and stack traces. The issue is triggered by specially crafted HTTP GET/POST requests sent to public API endpoints, and the exposed information could aid further attacks. It is categorized as information exposure through an error message.
Recommendations
Apply fixes to address the issue in Gems Loyalty PHP Backend versions through 2025-05-28.
Fix
Generation of Error Message Containing Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Gems Loyalty Php Backend