Skip to main content

Wallacepos

4 CVEs product

Monthly

CVE-2019-3960 HIGH POC This Week

Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Wallacepos
NVD
CVSS 3.0
7.2
EPSS
3.0%
CVE-2019-3959 HIGH POC This Week

Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wallacepos
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-3958 MEDIUM POC This Month

Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks via a crafted sales transaction. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wallacepos
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2017-7388 MEDIUM POC This Month

A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wallacepos
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
EPSS 3% CVSS 7.2
HIGH POC This Week

Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wallacepos
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks via a crafted sales transaction. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wallacepos
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wallacepos
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy