CVE-2026-8802 | opensourcepos Open Source Point of Sale up to 3.4.2 Items.php getPicThumb pic_filename path traversal (GHSA-xq63-3v4g-39r5)

Inserito da Angelo Barbosa | Mag 18, 2026 | CVE

A vulnerability classified as critical was found in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument pic_filename results in path traversal.

This vulnerability is cataloged as CVE-2026-8802. The attack may be launched remotely. There is no exploit available.

A patch should be applied to remediate this issue.

The vendor was contacted early about this disclosure.

CVE-2026-8802 | opensourcepos Open Source Point of Sale up to 3.4.2 Items.php getPicThumb pic_filename path traversal (GHSA-xq63-3v4g-39r5)

Post correlati

CVE-2024-24885 | Lê Văn Toản Woocommerce Vietnam Checkout Plugin up to 2.0.7 on WordPress cross site scripting

CVE-2024-3664 | Quick Featured Images Plugin up to 13.7.0 on WordPress Thumbnail authorization

CVE-2024-52331 | ECOVACS Robot Lawn Mower/Robot Vacuum Firmware Update code download

CVE-2024-11915 | RRAddons for Elementor Plugin up to 1.1.0 on WordPress information disclosure