CVE-2022-40294
HIGH 8.8
Description
The application was identified to have a CSV injection vulnerability in its data export functionality, allowing malicious code to be embedded within exported data and then triggered in exported data viewers.
CVE Details
CVSS v3.1 Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 10/31/2022
Last Modified: 5/6/2025
Source: nvd
Honeypot Sightings: 0
Affected Products
phppointofsale:php_point_of_sale
Weaknesses (CWE)
CWE-1236
References
https://www.themissinglink.com.au/security-advisories/cve-2022-40294 (vdp@themissinglink.com.au)
https://www.themissinglink.com.au/security-advisories/cve-2022-40294 (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.