CVE-2023-36347
https://notcve.org/view.php?id=CVE-2023-36347
30 Jun 2023 — A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. • https://www.youtube.com/watch?v=7qaIeE2cyO4 • CWE-306: Missing Authentication for Critical Function
CVE-2023-36346 – Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-36346
23 Jun 2023 — POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php. Sales of Cashier Goods version 1.0 suffers from a cross-site scripting vulnerability. • https://www.exploit-db.com/exploits/51549 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-36345
https://notcve.org/view.php?id=CVE-2023-36345
23 Jun 2023 — A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges. • https://youtu.be/KxjsEqNWU9E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-36348 – POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2023-36348
23 Jun 2023 — POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter. POS Codekop version 2.0 suffers from a remote shell upload vulnerability. • https://www.exploit-db.com/exploits/51551 • CWE-862: Missing Authorization