CVE-2022-40291

CVE-2022-40291: Cross-site request forgery (CSRF) in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC

Vendor Php Point Of Sale Llc
Product PHP Point of Sale
Weakness CWE-352 · CSRF
Published October 31, 2022
Last update May 6, 2025

CVSS base score

What the vulnerability does

01Description

The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts.

Key dates

02Disclosure timeline

October 31, 2022 CVE published
May 6, 2025 Record updated