PT-2026-21256 · Unknown · Opensourcepos

Hungnqdz

Published: 2026-02-20 · Updated: 2026-02-23

CVE-2026-26746

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: OpenSourcePOS version 3.4.1

Description: The application contains a Local File Inclusion (LFI) issue within the Sales.php::getInvoice() function. An attacker can potentially read arbitrary files on the web server by manipulating the Invoice Type configuration. This issue may be combined with the file upload functionality to achieve Remote Code Execution (RCE).

Recommendations: Apply updates to address the issue in the Sales.php::getInvoice() function.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2026-26746

Affected Products

Opensourcepos