CVE-2022-40291

Published: Oct 31, 2022Modified: May 6, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts.

Affected (1)

Products: Phppointofsale: Php Point Of Sale

1 product

Php Point Of Sale

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phppointofsale Php Point Of Sale	Version 19.0

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://www.themissinglink.com.au/security-advisories/cve-2022-40291

Source: vdp@themissinglink.com.au

Third Party Advisory

https://www.themissinglink.com.au/security-advisories/cve-2022-40291

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.