CVE-2022-40295

EPSS 0.37%
Veröffentlicht 31.10.2022 21:15:13
Zuletzt bearbeitet 25.02.2026 16:21:42
Quelle vdp@themissinglink.com.au
CVE-Watchlists
Login
Unerledigt
Login

Authenticated sensitive information disclosure in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.

The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phppointofsale ≫ Php Point Of Sale Version19.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.284

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

CWE-916 Use of Password Hash With Insufficient Computational Effort

The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

https://www.themissinglink.com.au/security-advisories/cve-2022-40295

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-40295

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-40295

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-40295

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-40295