CVE-2022-40291

HIGH

php_point_of_sale - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts.

References (1)

Core 1

Scores

CVSS v3 8.8
EPSS 0.0029
EPSS Percentile 20.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (1)
phppointofsale/php_point_of_sale 19.0
Published Oct 31, 2022
Tracked Since Feb 18, 2026