Authenticated sensitive information disclosure in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.
CVE-2022-40295

4.9MEDIUM

Key Information:

Vendor: PHP Point Of Sale Llc
Status: PHP Point Of Sale
Vendor: CVE Published:; 31 October 2022

🔔 Create PHP Point Of Sale Llc Vulnerability Alert

What is CVE-2022-40295?

The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.

Affected Version(s)

PHP Point of Sale 19.0

References

https://www.themissinglink.com.au/security-advisories/cve...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2022
Vulnerability Reserved
Sep 8, 2022

CVE-2022-40295 Data

JSON