Vulnerability Details CVE-2018-17110
Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2018-17110
-
cpe:2.3:a:tecdiary:simple_pos:4.0.24