CVE-2026-26745

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions OpenSourcePOS version 3.4.1

Description The software contains a second order SQL Injection issue in how it handles the currency symbol configuration field. The input is stored and later used in a dynamically constructed SQL query without proper sanitization. This allows an attacker who can modify the currency symbol value to inject SQL expressions that are executed when the query is processed. The vulnerable configuration field is currency symbol.

Recommendations Apply updates to address the improper handling of the currency symbol configuration field.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2026-26745

Affected Products

Opensourcepos

CVE-2026-26745

Weakness Enumeration

Related Identifiers

Affected Products

References · 5