Medium severity4.3NVD Advisory· Published May 18, 2026· Updated May 18, 2026
CVE-2026-8802
CVE-2026-8802
Description
A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument pic_filename results in path traversal. The attack may be launched remotely. The patch is identified as def0c27a0e252668df8d942fc31e16d1edfd7323. A patch should be applied to remediate this issue. The vendor was contacted early about this disclosure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=3.4.2
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.