← back
CVE-2022-40295

Authenticated sensitive information disclosure in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.

EPSS 0.4%CWE-916
The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.
Affected products
PHP Point of Sale LLC · PHP Point of Sale

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.themissinglink.com.au/security-advisories/cve-2022-40295