← Volver a CVEs
CVE-2022-40294
HIGH8.8
Descripcion
The application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers.
Detalles CVE
Puntuacion CVSS v3.18.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado10/31/2022
Ultima modificacion5/6/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
phppointofsale:php_point_of_sale
Debilidades (CWE)
CWE-1236CWE-1236
Referencias
https://www.themissinglink.com.au/security-advisories/cve-2022-40294(vdp@themissinglink.com.au)
https://www.themissinglink.com.au/security-advisories/cve-2022-40294(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.