MidnightBSD

Advisories for codekop

CVE-2023-36345

A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges.

Products Affected

Vendor Product Version
codekop codekop 2.0
CVE-2023-36346

POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.

Products Affected

Vendor Product Version
codekop codekop 2.0
CVE-2023-36347

A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data.

Products Affected

Vendor Product Version
codekop codekop 2.0
CVE-2023-36348

POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter.

Products Affected

Vendor Product Version
codekop codekop 2.0