CVE-2022-40296 - OpenCVE

The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phppointofsale	Php Point Of Sale

Configuration 1 [-]

cpe:2.3:a:phppointofsale:php_point_of_sale:19.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.themissinglink.com.au/security-advisories/cve-2022-40296

History

No history.

MITRE

Status: PUBLISHED

Assigner: TML

Published: 2022-10-31T20:07:56.767774Z

Updated: 2024-08-03T12:14:40.255Z

Reserved: 2022-09-08T00:00:00

Link: CVE-2022-40296

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-10-31T21:15:13.293

Modified: 2023-10-25T18:17:16.567

Link: CVE-2022-40296

Redhat

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PHP Point of Sale", "vendor": "PHP Point of Sale LLC", "versions": [{"status": "affected", "version": "19.0"}]}], "datePublic": "2022-10-28T13:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(254, 254, 254);\">The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.</span>\n\n"}], "value": "\nThe application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.\n\n"}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "07aac9b9-e3e9-4d03-a447-764bd31371d7", "shortName": "TML", "dateUpdated": "2023-10-25T08:27:02.461Z"}, "references": [{"name": "https://www.themissinglink.com.au/security-advisories/cve-2022-40296", "url": "https://www.themissinglink.com.au/security-advisories/cve-2022-40296"}], "source": {"discovery": "EXTERNAL"}, "title": "Server-side request forgery (SSRF) in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:14:40.255Z"}, "title": "CVE Program Container", "references": [{"name": "https://www.themissinglink.com.au/security-advisories/cve-2022-40296", "url": "https://www.themissinglink.com.au/security-advisories/cve-2022-40296", "tags": ["x_transferred"]}]}]}, "cveMetadata": {"assignerOrgId": "07aac9b9-e3e9-4d03-a447-764bd31371d7", "cveId": "CVE-2022-40296", "serial": 1, "state": "PUBLISHED", "dateUpdated": "2024-08-03T12:14:40.255Z", "dateReserved": "2022-09-08T00:00:00", "datePublished": "2022-10-31T20:07:56.767774Z", "assignerShortName": "TML"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}