Headline
CVE-2022-40295: Authenticated sensitive information disclosure in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.
The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.
CVE-2022-40295
Discovered by Edward Prior on behalf of The Missing Link Security
Vulnerability Details
The application was vulnerable to an Authenticated Information Disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.
Affected Versions
Discovered in: 19.0
Fixed Versions
Fixed In: Won’t fix.
Latest News
Recent data breaches and what your business can learn from them
Clearing up the complex world of penetration testing
How intelligent automation can help address ESG reporting challenges
See All News