CSV Injection in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC
CVE-2022-40294

8.8HIGH

Key Information:

Vendor: PHP Point Of Sale Llc
Status: PHP Point Of Sale
Vendor: CVE Published:; 31 October 2022

🔔 Create PHP Point Of Sale Llc Vulnerability Alert

What is CVE-2022-40294?

The application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers.

Affected Version(s)

PHP Point of Sale 19.0

References

https://www.themissinglink.com.au/security-advisories/cve...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2022
Vulnerability Reserved
Sep 8, 2022

CVE-2022-40294 Data

JSON