Headline
CVE-2022-40296: Server-side request forgery (SSRF) in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.
The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.
CVE-2022-40296
Discovered by Edward Prior on behalf of The Missing Link Security
Vulnerability Details
The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services. Leading to attacks in other downstream systems.
Affected Versions
Discovered in: 19.0
Fixed Versions
Fixed In: Won’t fix.
Latest News
Recent data breaches and what your business can learn from them
Clearing up the complex world of penetration testing
How intelligent automation can help address ESG reporting challenges
See All News