CVE-2022-40294

Summary

The application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers.

Affected Software

VendorProductVersion RangeStatus
PHP Point of Sale LLCPHP Point of Sale19.0affected

Weaknesses

  • CWE-1236: CWE-1236 Improper Neutralization of Formula Elements in a CSV File

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References