CVE-2022-40294

CSV Injection in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC

CVSS 8.8 HIGHEPSS 0.7%CWE-1236

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.8EPSS 0.7%KEV nãoPoC —Patch —

Ciclo de vida

31 de out. de 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

PHP Point of Sale LLC · PHP Point of Sale

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.themissinglink.com.au/security-advisories/cve-2022-40294