6 matches found
CVE-2026-8802
A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument picfilename results in path traversal. The attack may be launched remotely. The patch is...
CVE-2026-8802
A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument picfilename results in path traversal. The attack may be launched remotely. The patch is...
CVE-2026-8802
Open Source POS (opensourcepos) up to version 3.4.2 contains a path traversal vulnerability in getPicThumb (app/Controllers/Items.php) caused by unsafely handling the pic_filename argument. Exploitation could be remote; a patch identified as def0c27a0e252668df8d942fc31e16d1edfd7323 is available a...
EUVD-2026-30761
A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument picfilename results in path traversal. The attack may be launched remotely. The patch is...
CVE-2026-8802 opensourcepos Open Source Point of Sale Items.php getPicThumb path traversal
A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument picfilename results in path traversal. The attack may be launched remotely. The patch is...
CVE-2026-8802
A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument picfilename results in path traversal. The attack may be launched remotely. The patch is...