phdwg1410

2 exploits Active since Feb 2026
CVE-2026-26746 GITHUB HIGH python WRITEUP
OpenSourcePOS 3.4.1 - Local File Inclusion and Remote Code Execution via Invoice Type Manipulation
OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice() function. An attacker can read arbitrary files on the web server by manipulating the Invoice Type configuration. This issue can be chained with the file upload functionality to achieve Remote Code Execution (RCE).
10 stars
CVSS 8.8
CVE-2026-26746 NOMISEC HIGH WRITEUP
OpenSourcePOS 3.4.1 - Local File Inclusion and Remote Code Execution via Invoice Type Manipulation
OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice() function. An attacker can read arbitrary files on the web server by manipulating the Invoice Type configuration. This issue can be chained with the file upload functionality to achieve Remote Code Execution (RCE).
CVSS 8.8