CVE-2022-40296

CVE-2022-40296: Server-side request forgery (SSRF) in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.

Vendor Php Point Of Sale Llc

Product PHP Point of Sale

Weakness CWE-918 · SSRF

Published October 31, 2022

Last update May 6, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.

Key dates

02Disclosure timeline

October 31, 2022 CVE published

May 6, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-40296

Related vulnerabilities

04Related CVE

CVE-2024-54197 Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview) CVE-2025-58641 WordPress Exit Intent Popup Plugin <= 1.0.1 - Server Side Request Forgery (SSRF) Vulnerability CVE-2024-10207 Server-Side Request Forgery (authenticated) in APROL Web Portal CVE-2025-49985 WordPress Auto Upload Images plugin <= 3.3.2 - Server Side Request Forgery (SSRF) Vulnerability CVE-2025-31116 Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding