Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing server-side validation. When an authenticated user omits or leaves the `password` and `repeat_password` parameters empty in the password change request, the backend still returns a successful response and sets the password to an empty string. This effectively disables authentication and may allow unauthorized access to user or administrative accounts.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
opensourcepos security vulnerability
Vulnerability Description
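opensourcepos is an open-source point-of-sale system from opensourcepos. opensourcepos version 3.4.1 contains a security vulnerability that stems from missing server-side validation, which may allow an empty password to be set and lead to unauthorized access.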
CVSS Information
N/A
Vulnerability Type
N/A
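A server-side check of the kind the description reports as missing, written here as an added example that is not Open Source Point of Sale's own code. The function names, the minimum length and the in-memory `$account` array are assumptions; only the `password` and `repeat_password` parameter names come from the description.

```php
<?php
declare(strict_types=1);

// Hypothetical minimum length; the page does not state a password policy.
const MIN_PASSWORD_LENGTH = 8;

// Returns a list of errors; an empty list means the change may proceed.
// $post stands in for the submitted form fields.
function validate_password_change(array $post): array
{
    // An omitted parameter and an empty one are treated alike: both are rejected.
    $password = $post['password'] ?? '';
    $repeat   = $post['repeat_password'] ?? '';
    if (!is_string($password) || !is_string($repeat)) {
        // password[]=x arrives as an array; refuse it instead of casting.
        return ['password fields must be strings'];
    }
    $errors = [];
    if ($password === '') {
        $errors[] = 'password must not be empty';
    } elseif (strlen($password) < MIN_PASSWORD_LENGTH) {
        $errors[] = 'password is shorter than ' . MIN_PASSWORD_LENGTH . ' characters';
    }
    if ($password !== $repeat) {
        $errors[] = 'password and repeat_password do not match';
    }
    return $errors;
}

// Hypothetical handler: the stored hash changes only after validation passes.
function change_password(array $post, array &$account): array
{
    $errors = validate_password_change($post);
    if ($errors !== []) {
        return ['success' => false, 'errors' => $errors];
    }
    $account['password_hash'] = password_hash($post['password'], PASSWORD_DEFAULT);
    return ['success' => true, 'errors' => []];
}

// Constructed requests covering the cases named in the description.
$account = ['password_hash' => password_hash('Original-Passw0rd', PASSWORD_DEFAULT)];
$requests = [
    'both omitted' => [],
    'both empty'   => ['password' => '', 'repeat_password' => ''],
    'mismatch'     => ['password' => 'New-Passw0rd!', 'repeat_password' => 'New-Passw0rd?'],
    'valid'        => ['password' => 'New-Passw0rd!', 'repeat_password' => 'New-Passw0rd!'],
];
foreach ($requests as $label => $post) {
    $result = change_password($post, $account);
    printf("%-13s %s %s\n", $label, $result['success'] ? 'accepted' : 'rejected', implode('; ', $result['errors']));
}
```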