CVE-2022-40292

Summary

The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system.

Affected Software

VendorProductVersion RangeStatus
PHP Point of Sale LLCPHP Point of Sale0affected

Weaknesses

  • CWE-209: CWE-209 Generation of Error Message Containing Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References