Server-side request forgery (SSRF) in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.
CVE-2022-40296

9.8CRITICAL

Key Information:

Vendor: PHP Point Of Sale Llc
Status: PHP Point Of Sale
Vendor: CVE Published:; 31 October 2022

🔔 Create PHP Point Of Sale Llc Vulnerability Alert

What is CVE-2022-40296?

The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.

Affected Version(s)

PHP Point of Sale 19.0

References

https://www.themissinglink.com.au/security-advisories/cve...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2022
Vulnerability Reserved
Sep 8, 2022

CVE-2022-40296 Data

JSON