18 matches found
POS Codekop v2.0 - Authenticated Remote Code Execution Vulnerability
Exploit Title: POS Codekop v2.0 - Authenticated Remote Code Execution RCE Exploit Author: yuyudhn Vendor Homepage: https://www.codekop.com/ Software Link: https://github.com/fauzan1892/pos-kasir-php Version: 2.0 Tested on: Linux CVE: CVE-2023-36348 Vulnerability description: The application does...
POS Codekop 2.0 Shell Upload
Exploit Title: POS Codekop v2.0 - Authenticated Remote Code Execution RCE Date: 25-05-2023 Exploit Author: yuyudhn Vendor Homepage: https://www.codekop.com/ Software Link: https://github.com/fauzan1892/pos-kasir-php Version: 2.0 Tested on: Linux CVE: CVE-2023-36348 Vulnerability description: The...
POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)
Exploit Title: POS Codekop v2.0 - Authenticated Remote Code Execution RCE Date: 25-05-2023 Exploit Author: yuyudhn Vendor Homepage: https://www.codekop.com/ Software Link: https://github.com/fauzan1892/pos-kasir-php Version: 2.0 Tested on: Linux CVE: CVE-2023-36348 Vulnerability description: The...
CVE-2023-36347
A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data...
CVE-2023-36347
A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data...
CVE-2023-36347
POS Codekop v2.0 is affected by a broken authentication flaw in the endpoint excel.php that allows unauthenticated access to download selling data. The issue stems from improper authentication/session handling, enabling an attacker to retrieve sensitive data without valid login. Impact is describ...
CVE-2023-36347
A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data...
CVE-2023-36347
A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data...
CVE-2023-36345
A Cross-Site Request Forgery CSRF in POS Codekop v2.0 allows attackers to escalate privileges...
CVE-2023-36348
POS Codekop v2.0 was discovered to contain an authenticated remote code execution RCE vulnerability via the filename parameter...
Cross site scripting
POS Codekop v2.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the nmmember parameter at print.php...
Cross site request forgery (csrf)
A Cross-Site Request Forgery CSRF in POS Codekop v2.0 allows attackers to escalate privileges...
CVE-2023-36348
POS Codekop v2.0 was discovered to contain an authenticated remote code execution RCE vulnerability via the filename parameter...
CVE-2023-36346
POS Codekop v2.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the nmmember parameter at print.php...
CVE-2023-36346
POS Codekop v2.0 has a reflected XSS vulnerability in the print.php endpoint through the nm_member parameter. Affects the web application’s print.php handling, enabling injection of script code that could be executed in users’ browsers. The Nuclei template and Red Hat/NVD references confirm the i...
CVE-2023-36345
A Cross-Site Request Forgery CSRF in POS Codekop v2.0 allows attackers to escalate privileges...
CVE-2023-36348
POS Codekop v2.0 was discovered to contain an authenticated remote code execution RCE vulnerability via the filename parameter...
CVE-2023-36345
POS Codekop v2.0 is affected by a CSRF vulnerability that can allow privilege escalation. The root cause is a Cross-Site Request Forgery issue, with no public details about a fix in the provided sources. The PT-2023-25542 entry recommends CSRF token validation and restricting sensitive operations...