PT-2026-21255 · Unknown · Opensourcepos

Hungnqdz · Published 2026-02-20 · Updated 2026-02-23 · CVE-2026-26745

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OpenSourcePOS version 3.4.1

Description

The software contains a second-order SQL injection issue in how it handles the currency symbol configuration field. The input is stored and later used in a dynamically constructed SQL query without proper sanitization. This allows an attacker who can modify the currency symbol value to inject SQL expressions that are executed when the query is processed. The vulnerable configuration field is currency symbol.

Recommendations

Apply updates to address the improper handling of the currency symbol configuration field.
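
The stored-then-reused pattern from the Description, modelled as an added example in Python with sqlite3; it is not OpenSourcePOS code (the project is PHP), and the table names, column names and sample value are hypothetical and constructed for illustration. It shows the concatenating read path beside a bound-parameter read path, plus a write-time allow-list for the field.

```python
import sqlite3
import unicodedata

# Constructed sample value: a stored "symbol" that closes the string literal.
CONSTRUCTED = "' || upper('x') || '"
CONFIG_SQL = "SELECT value FROM app_config WHERE name = 'currency_symbol'"

def valid_symbol(value):
    """Write-time allow-list: 1-3 chars, each a letter or Unicode currency sign."""
    return 1 <= len(value) <= 3 and all(
        ch.isalpha() or unicodedata.category(ch) == "Sc" for ch in value)

def make_db(symbol):
    """Hypothetical schema: app_config (name/value pairs) and sales."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE app_config (name TEXT PRIMARY KEY, value TEXT)")
    db.execute("CREATE TABLE sales (id INTEGER, total REAL)")
    # The write is parameterized, so any value is stored verbatim without error.
    db.execute("INSERT INTO app_config VALUES ('currency_symbol', ?)", (symbol,))
    db.executemany("INSERT INTO sales VALUES (?, ?)", [(1, 9.5), (2, 20.0)])
    return db

def report_concatenated(db):
    """Weak pattern: the stored value is spliced into the SQL text on read."""
    symbol = db.execute(CONFIG_SQL).fetchone()[0]
    sql = "SELECT '" + symbol + "' || total FROM sales ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def report_bound(db):
    """Corrected pattern: the stored value is bound as data, never parsed as SQL."""
    symbol = db.execute(CONFIG_SQL).fetchone()[0]
    sql = "SELECT ? || total FROM sales ORDER BY id"
    return [row[0] for row in db.execute(sql, (symbol,))]

if __name__ == "__main__":
    for value in ("$", CONSTRUCTED):
        db = make_db(value)
        print(repr(value), valid_symbol(value),
              report_concatenated(db), report_bound(db))
```

The safe write does not protect the later read: only the bound query and the allow-list treat the stored value as untrusted.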

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2026-26745

Affected Products

Opensourcepos