Point Of Sales

3 CVEs product

Monthly

CVE-2025-12294 LOW POC Monitor

SQL injection in SourceCodester Point of Sales 1.0 via the ID parameter in /delete_category.php allows high-privilege remote attackers to manipulate database queries. The vulnerability requires administrative credentials (PR:H) and carries low confidentiality, integrity, and availability impact. Public exploit code exists, though the EPSS score (0.03%) suggests limited real-world exploitation.

PHP SQLi Point Of Sales
NVD GitHub VulDB
CVSS 4.0: 2.0
EPSS: 0.0%
CVE-2025-12293 MEDIUM POC This Month

A vulnerability was identified in SourceCodester Point of Sales 1.0. It affects unspecified processing in the file /category.php: manipulating the Category argument leads to SQL injection. The attack can be launched remotely. The exploit is publicly available and might be used.

PHP SQLi Point Of Sales
NVD GitHub VulDB
CVSS 4.0: 5.5
EPSS: 0.0%
CVE-2025-12292 MEDIUM POC This Month

A vulnerability was found in SourceCodester Point of Sales 1.0. It affects unspecified code in the file /index.php: manipulating the Username argument causes SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be used.

PHP SQLi Point Of Sales
NVD GitHub VulDB
CVSS 4.0: 5.5
EPSS: 0.0%
