Improper Neutralization of Special Elements in Data Query Logic

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the searchCustomPages process. An attacker can access unintended content by submitti...

CVE-2026-32888 Open Source Point of Sale is Vulnerable to SQL Injection Through its Item Search Functionality

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled searchcustom filter, user-supplied input from the search GET...

CVE-2026-32888

CVE-2026-32888 affects Open Source Point of Sale (PHP, CodeIgniter). A SQL Injection exists in the Items search functionality when the custom attribute search feature (search_custom) is enabled: user input from the search GET parameter is interpolated directly into a HAVING clause without paramet...

CVE-2026-32888 Open Source Point of Sale is Vulnerable to SQL Injection Through its Item Search Functionality

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled searchcustom filter, user-supplied input from the search GET...