CVE-2022-40295

CVE-2022-40295: Authenticated sensitive information disclosure in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.

Vendor Php Point Of Sale Llc
Product PHP Point of Sale
Weakness CWE-916
Published October 31, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.

Key dates

02Disclosure timeline

October 31, 2022 CVE published
August 3, 2024 Record updated