CVE-2022-40296

The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.
Configurations

Configuration 1 (hide)

cpe:2.3:a:phppointofsale:php_point_of_sale:19.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:21

Type Values Removed Values Added
References () https://www.themissinglink.com.au/security-advisories/cve-2022-40296 - Third Party Advisory () https://www.themissinglink.com.au/security-advisories/cve-2022-40296 - Third Party Advisory

25 Oct 2023, 18:17

Type Values Removed Values Added
Summary The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems. The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.

Information

Published : 2022-10-31 21:15

Updated : 2024-11-21 07:21


NVD link : CVE-2022-40296

Mitre link : CVE-2022-40296

CVE.ORG link : CVE-2022-40296


JSON object : View

Products Affected

phppointofsale

  • php_point_of_sale
CWE
CWE-918

Server-Side Request Forgery (SSRF)