The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts.
References
Link | Resource |
---|---|
https://www.themissinglink.com.au/security-advisories/cve-2022-40291 | Third Party Advisory |
Configurations
History
25 Oct 2023, 18:17
Type | Values Removed | Values Added |
---|---|---|
Summary | The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts. |
03 Nov 2022, 02:28
Type | Values Removed | Values Added |
---|---|---|
First Time |
Phppointofsale php Point Of Sale
Phppointofsale |
|
CPE | cpe:2.3:a:phppointofsale:php_point_of_sale:19.0:*:*:*:*:*:*:* | |
CWE | CWE-352 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://www.themissinglink.com.au/security-advisories/cve-2022-40291 - Third Party Advisory |
31 Oct 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-31 21:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-40291
Mitre link : CVE-2022-40291
CVE.ORG link : CVE-2022-40291
JSON object : View
Products Affected
phppointofsale
- php_point_of_sale
CWE
CWE-352
Cross-Site Request Forgery (CSRF)