cvelist | TML | CVELIST:CVE-2022-40296
Oct 31, 2022 - 8:07 p.m.

CVE-2022-40296 Server-side request forgery (SSRF) in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.

2022-10-31 20:07:56
CWE-918
TML
www.cve.org
cve-2022-40296; server-side request forgery; php point of sale; backend server; unexpected endpoints; internal services; local services; downstream systems

AI Score: 9.4 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 58.4%)

The application was vulnerable to Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PHP Point of Sale",
    "vendor": "PHP Point of Sale LLC",
    "versions": [
      {
        "status": "affected",
        "version": "19.0"
      }
    ]
  }
]
