CVE-2022-40295EPSS p28.4%

CVE-2022-40295CVE-2022-40295

phppointofsale / php_point_of_sale

Description

The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.

Scoring

CVSS 4.9 ()
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS0.37% probability of exploitation · percentile 28.4% · 2026-06-19T12:03:05Z
Last modified2026-06-17
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.