Yudha P

#8767of 53,632
31.2Total CVSS
Vulnerabilities · 4
Medium
1
High
3
PT-2023-25544
7.5
2023-06-30
Unknown · Pos Codekop · CVE-2023-36347
**Name of the Vulnerable Software and Affected Versions** POS Codekop version 2.0 **Description** A broken authentication mechanism in the endpoint "excel.php" allows unauthenticated attackers to download selling data. **Recommendations** For POS Codekop version 2.0, consider restricting access to the "excel.php" endpoint until a patch is available. As a temporary workaround, review and strengthen the authentication mechanism to prevent unauthorized access.
PT-2023-25542
8.8
2023-06-23
Unknown · Pos Codekop · CVE-2023-36345
**Name of the Vulnerable Software and Affected Versions** POS Codekop version 2.0 **Description** A Cross-Site Request Forgery (CSRF) issue allows attackers to escalate privileges. **Recommendations** For POS Codekop version 2.0, consider implementing proper CSRF token validation to prevent unauthorized requests. As a temporary workaround, restrict access to sensitive operations that could be exploited through CSRF attacks until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-25543
6.1
2023-06-23
Unknown · Pos Codekop · CVE-2023-36346
**Name of the Vulnerable Software and Affected Versions** POS Codekop version 2.0 **Description** A reflected cross-site scripting (XSS) issue was found in POS Codekop. The issue is related to the `nm member` parameter at the "print.php" endpoint. This allows for potential XSS attacks. **Recommendations** For POS Codekop version 2.0, consider disabling access to the "print.php" endpoint until a fix is available. As a temporary workaround, restrict the use of the `nm member` parameter to minimize the risk of exploitation.
PT-2023-25545
8.8
2023-06-23
Unknown · Pos Codekop · CVE-2023-36348
**Name of the Vulnerable Software and Affected Versions** POS Codekop version 2.0 **Description** The issue is related to an authenticated remote code execution (RCE) vulnerability. It can be exploited via the `filename` parameter. **Recommendations** For POS Codekop version 2.0, consider restricting access to the `filename` parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.