<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1462084720533760&amp;ev=PageView&amp;noscript=1">

CVE-2020-29285: SQL injection in POS in PHP/ PDO 1.0

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.

1.1        Vulnerability Summary

SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php.

Picture11

Watch the video to learn more about this and other important vulnerabilities.

1.2        CVSS Score

The CVSS Base score of this vulnerability is 9.8 critical. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

1.3        Affected Version

Point of Sales software PDO package in PHP- Version 1.0.

1.4        Vulnerability Attribution

The advisory is shared at github.com

1.5        Risk Impact

Exploit is available in public domain here.

This Point of Sale is a web-based system that is made up of PHP, JavaScript and CSS. The Point-of-Sale System has two sides, the admin and the user side. The admin is the one who manages all the processes of the system from the sales report, products, customers and many more. In short, the admin plays an important role in this Point of Sale in PHP/PDO. The main purpose of this Point of Sale in PHP/PDO is to help easily manage the product sale records.

Nowadays, majority of store owners have replaced their old registers with POS and use the automated Point of Sale system to make sure that all their store operations run smoothly. So, if you are a retail store owner and you are looking for a Point of Sale in PHP/PDO, this one is just right for you. Exploiting this vulnerability can lead to exfiltration of sensitive customer data from POS database

1.6        Virsec Security Platform (VSP) Support:

The Virsec Security Platform (VSP)- Web has capability that can detect all types of SQL injection attack and prevent this attack from being exploited.

1.7        Reference Links:

Download the full vulnerability report to learn more about this and other important vulnerabilities.