CVE-2023-36347
HIGH NUCLEIPOS Codekop 2.0 - Unauthenticated Sensitive Data Exposure via excel.php Endpoint
Title source: llmExploitation Summary
CVE-2023-36347 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data.
Nuclei Templates (1)
POS Codekop v2.0 - Broken Authentication
HIGHby princechaddha
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://yuyudhn.github.io/pos-codekop-vulnerability/
Scores
CVSS v3
7.5
EPSS
0.3235
EPSS Percentile
98.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-306
Status
published
Products (1)
codekop/codekop
2.0
Published
Jun 30, 2023
Tracked Since
Feb 18, 2026