Headline
CVE-2022-40294: Authenticated incubated vulnerability in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.
The application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers.
CVE-2022-40294
Discovered by Edward Prior on behalf of The Missing Link Security
Vulnerability Details
The application was identified to have an Authenticated Incubated Vulnerability in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers.
Affected Versions
Discovered in: 19.0
Fixed Versions
Fixed In: Won’t fix.
Latest News
Recent data breaches and what your business can learn from them
Clearing up the complex world of penetration testing
How intelligent automation can help address ESG reporting challenges
See All News