CVE-2022-40294

CVE-2022-40294: CSV Injection in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC

Vendor Php Point Of Sale Llc
Product PHP Point of Sale
Weakness CWE-1236
Published October 31, 2022
Last update May 6, 2025

CVSS base score

What the vulnerability does

01Description

The application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers.

Key dates

02Disclosure timeline

October 31, 2022 CVE published
May 6, 2025 Record updated