CVE-2018-17110

Name of the Vulnerable Software and Affected Versions Simple POS version 4.0.24

Description The issue allows SQL Injection via the columns[0][search][value] parameter in the management panel. This can be exploited through the "products/get products/" API endpoint.

Recommendations For Simple POS version 4.0.24, avoid using the columns[0][search][value] parameter in the "products/get products/" endpoint until the issue is resolved. Consider restricting access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.