CVE-2022-40295

Summary

The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.

Affected Software

VendorProductVersion RangeStatus
PHP Point of Sale LLCPHP Point of Sale19.0affected

Weaknesses

  • CWE-916: CWE-916 Use of Password Hash With Insufficient Computational Effort

ADP Enrichment

CVE Program Container

Additional References

References