CVSS: 7.5 • EPSS: 2% • CPEs: 1 • EXPL: 2

A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. • https://www.youtube.com/watch?v=7qaIeE2cyO4 https://yuyudhn.github.io/pos-codekop-vulnerability • CWE-306: Missing Authentication for Critical Function

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 3

POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter. POS Codekop version 2.0 suffers from a remote shell upload vulnerability. • https://www.exploit-db.com/exploits/51551 http://packetstormsecurity.com/files/173278/POS-Codekop-2.0-Shell-Upload.html https://www.youtube.com/watch?v=Ge0zqY0sGiQ https://yuyudhn.github.io/pos-codekop-vulnerability • CWE-862: Missing Authorization

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges. • https://youtu.be/KxjsEqNWU9E https://yuyudhn.github.io/pos-codekop-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 3

POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php. Sales of Cashier Goods version 1.0 suffers from a cross-site scripting vulnerability. • https://www.exploit-db.com/exploits/51549 http://packetstormsecurity.com/files/173280/Sales-Of-Cashier-Goods-1.0-Cross-Site-Scripting.html https://www.youtube.com/watch?v=bbbA-q1syrA https://yuyudhn.github.io/pos-codekop-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')