Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Open Source Point of Sale has an IDOR in Password Change (Home)
Vulnerability Description
Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows an authenticated low-privileged user to access the password change functionality of other users, including administrators, by manipulating the `employee_id` parameter. The application does not verify object ownership or enforce authorization checks. Version 3.4.2 adds object-level authorization checks to validate that the current user owns the employee_id being accessed.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Open Source Point of Sale 安全漏洞
Vulnerability Description
Open Source Point of Sale是opensourcepos开源的一个基于网络的销售点系统。 Open Source Point of Sale 3.4.2之前版本存在安全漏洞,该漏洞源于不安全的直接对象引用,可能导致经过身份验证的低权限用户通过操纵employee_id参数访问其他用户的密码更改功能。
CVSS Information
N/A
Vulnerability Type
N/A