CVE-2025-67261

MEDIUM

Abacre Retail Point OF Sale - SQL Injection

Title source: rule

Description

Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based blind SQL injection. The vulnerability exists in the Search function of the Orders page.

Exploits (1)

nomisec WRITEUP 1 stars

by Smarttfoxx · poc

https://github.com/Smarttfoxx/CVE-2025-67261

View Code ZIP pw:eip

References (2)

[Third Party Advisory] https://packetstorm.news/files/id/214046/

[Product] https://www.abacre.com/retailpointofsale/

Scores

CVSS v3 6.5

EPSS 0.0003

EPSS Percentile 10.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-89

Status published

Products (1)

abacre/retail_point_of_sale 14.0.0.396

Published Jan 20, 2026

Tracked Since Feb 18, 2026