CVE-2022-40295 — MEDIUM (4.9)

Vulnerability Description

The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Phppointofsale	Php Point Of Sale	19.0

Related Weaknesses (CWE)

CWE-916 CWE-311

References

https://www.themissinglink.com.au/security-advisories/cve-2022-40295Third Party Advisory
https://www.themissinglink.com.au/security-advisories/cve-2022-40295Third Party Advisory

FAQ

What is CVE-2022-40295?

CVE-2022-40295 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offlin...

How severe is CVE-2022-40295?

CVE-2022-40295 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-40295?

Check the references section above for vendor advisories and patch information. Affected products include: Phppointofsale Php Point Of Sale.