CVE-2022-40295
MEDIUM
php_point_of_sale - Authenticated Information Disclosure of Unsalted Password Hashes
Title source: llm
Description
The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.
References (1)
Core References
Third Party Advisory
https://www.themissinglink.com.au/security-advisories/cve-2022-40295
Scores
CVSS v3
4.9
EPSS
0.0037
EPSS Percentile
28.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-916
CWE-311
Status
published
Products (1)
phppointofsale/php_point_of_sale
19.0
Published
Oct 31, 2022
Tracked Since
Feb 18, 2026