4 matches found
CVE-2026-26746
OpenSourcePOS 3.4.1 contains a Local File Inclusion LFI vulnerability in the Sales.php::getInvoice function. An attacker can read arbitrary files on the web server by manipulating the Invoice Type configuration. This issue can be chained with the file upload functionality to achieve Remote Code...
CVE-2026-26746
OpenSourcePOS 3.4.1 contains a Local File Inclusion LFI vulnerability in the Sales.php::getInvoice function. An attacker can read arbitrary files on the web server by manipulating the Invoice Type configuration. This issue can be chained with the file upload functionality to achieve Remote Code...
opensourcepos 安全漏洞
opensourcepos is an open-source POS system developed by opensourcepos. Version 3.4.1 of opensourcepos contains a security vulnerability. This vulnerability stems from the Sales.php::getInvoice function, which involves local file inclusion, potentially allowing for the reading of arbitrary files o...
CVE-2026-26746
OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) in Sales.php::getInvoice(), allowing an attacker to read arbitrary server files via Invoice Type manipulation. This may be chained with file upload to achieve Remote Code Execution (RCE). No exploit details are provided in these documents ...