phppointofsale php point of sale

13 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-41011
all versions
HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's brow
6.1 MEDIUM
CVE-2022-40296
all versions
The application was vulnerable to Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected e
9.8 CRITICAL
CVE-2022-40295
all versions
The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords
4.9 MEDIUM
CVE-2022-40294
all versions
The application was identified to have a CSV injection in data export functionality, allowing for malicious code to be embedded w
8.8 HIGH
CVE-2022-40293
all versions
The application was vulnerable to a session fixation that could be used to hijack accounts.
9.8 CRITICAL
CVE-2022-40292
all versions
The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on
5.3 MEDIUM
CVE-2022-40291
all versions
The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending mal
8.8 HIGH
CVE-2022-40290
all versions
The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation
6.1 MEDIUM
CVE-2022-40289
all versions
The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, whi
9.0 CRITICAL
CVE-2022-40288
all versions
The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could
9.0 CRITICAL
CVE-2022-40287
all versions
The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functi
9.0 CRITICAL
CVE-2011-3785
all versions
PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which re
CVE-2007-1477
all versions
Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and exec
threatengine.sh