3 matches found
CVE-2026-26746
OpenSourcePOS 3.4.1 contains a Local File Inclusion LFI vulnerability in the Sales.php::getInvoice function. An attacker can read arbitrary files on the web server by manipulating the Invoice Type configuration. This issue can be chained with the file upload functionality to achieve Remote Code...
CVE-2026-26746
OpenSourcePOS 3.4.1 contains a Local File Inclusion LFI vulnerability in the Sales.php::getInvoice function. An attacker can read arbitrary files on the web server by manipulating the Invoice Type configuration. This issue can be chained with the file upload functionality to achieve Remote Code...
CVE-2023-4245
The WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including, 1.2.89. This makes it possible for subscribers to view arbitrary invoices provided they can guess the...