{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T18:26:16.509","vulnerabilities":[{"cve":{"id":"CVE-2022-40291","sourceIdentifier":"vdp@themissinglink.com.au","published":"2022-10-31T21:15:12.967","lastModified":"2025-05-06T20:15:24.450","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"\nThe application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts.\n\n"},{"lang":"es","value":"La aplicación era vulnerable a ataques de Cross-Site Request Forgery (CSRF), lo que permitía a un atacante obligar a los usuarios a enviar solicitudes maliciosas al sitio para eliminar su cuenta o, en circunstancias excepcionales, secuestrar su cuenta y crear otras cuentas de administrador.\n"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"vdp@themissinglink.com.au","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:phppointofsale:php_point_of_sale:19.0:*:*:*:*:*:*:*","matchCriteriaId":"7CE86DBF-3841-4144-B646-FB22C2E12758"}]}]}],"references":[{"url":"https://www.themissinglink.com.au/security-advisories/cve-2022-40291","source":"vdp@themissinglink.com.au","tags":["Third Party Advisory"]},{"url":"https://www.themissinglink.com.au/security-advisories/cve-2022-40291","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}