SQL Injection Flaw Found in Open Source Point of Sale

CVE Notify is flagging a critical SQL injection vulnerability, CVE-2026-32888, impacting Open Source Point of Sale (OSPOS), a PHP-based web application built on the CodeIgniter framework. The vulnerability lies within the item search functionality, specifically when the custom attribute search feature (search_custom filter) is active. According to CVE Notify, user input from the search GET parameter is directly inserted into a HAVING clause without proper sanitization or parameterization. This oversight allows an authenticated attacker, even with basic item search privileges, to craft malicious queries and execute arbitrary SQL commands against the database. At the time of the advisory’s publication, a patch was not yet available, leaving instances of OSPOS exposed.

This flaw is particularly concerning because it sits in an application that handles sensitive sales and inventory data. An attacker could potentially exfiltrate customer information, manipulate sales records, or even compromise the integrity of the entire system. Building database queries from unparameterized input is a classic, yet persistent, coding error that can have devastating consequences.

What This Means For You

  • For organizations using Open Source Point of Sale, prioritize patching this vulnerability immediately once a fix is released by the developers. In the interim, consider disabling the 'search_custom' filter feature if possible and implement strict input validation and parameterized queries for all database interactions within your own custom code to prevent similar SQL injection attacks.
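The coding error the advisory describes, a search GET parameter interpolated into a HAVING clause, shown beside the parameterized form that the recommendation above calls for. This is an added example and is not OSPOS or CodeIgniter code: OSPOS is written in PHP, and the Python sqlite3 version here only reproduces the pattern so it runs stand-alone. The table layout, rows, and function names are constructed for illustration.

```python
import sqlite3

# Constructed schema standing in for an items table plus a custom-attribute
# table; the real OSPOS schema is not reproduced here.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE items (item_id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE attribute_values (item_id INTEGER, attr_value TEXT);
        INSERT INTO items VALUES (1, 'Mug'), (2, 'Pen'), (3, 'Lamp'), (4, 'Cap');
        INSERT INTO attribute_values VALUES (1, 'red'), (2, 'blue'), (3, 'red'), (4, 'men''s');
    """)
    return conn


def search_custom_unsafe(conn: sqlite3.Connection, search: str) -> list:
    # VULNERABLE pattern (as the advisory describes it): the value of the
    # search GET parameter becomes part of the SQL text, so quotes and
    # wildcards in it are parsed as SQL rather than treated as data.
    sql = f"""
        SELECT i.item_id, i.name, GROUP_CONCAT(a.attr_value) AS attrs
        FROM items i JOIN attribute_values a ON a.item_id = i.item_id
        GROUP BY i.item_id
        HAVING GROUP_CONCAT(a.attr_value) LIKE '%{search}%'
    """
    return conn.execute(sql).fetchall()


def search_custom_safe(conn: sqlite3.Connection, search: str) -> list:
    # HARDENED: the SQL text is fixed and the value travels as a bound
    # parameter. LIKE metacharacters are escaped as well, because binding
    # alone still lets a bare '%' or '_' widen the match.
    escaped = (search.replace("\\", "\\\\")
                     .replace("%", "\\%")
                     .replace("_", "\\_"))
    sql = """
        SELECT i.item_id, i.name, GROUP_CONCAT(a.attr_value) AS attrs
        FROM items i JOIN attribute_values a ON a.item_id = i.item_id
        GROUP BY i.item_id
        HAVING GROUP_CONCAT(a.attr_value) LIKE ? ESCAPE '\\'
    """
    return conn.execute(sql, (f"%{escaped}%",)).fetchall()


def raises_sql_error(fn, conn: sqlite3.Connection, search: str) -> bool:
    # Regression-test helper: True if the search term reached the SQL parser
    # as syntax (a database error) instead of being handled as data.
    try:
        fn(conn, search)
        return False
    except sqlite3.Error:
        return True


if __name__ == "__main__":
    db = make_db()
    # A legitimate value containing an apostrophe breaks the interpolated
    # query but is matched correctly by the parameterized one.
    print("unsafe errors on men's:", raises_sql_error(search_custom_unsafe, db, "men's"))
    print("safe result for men's:", search_custom_safe(db, "men's"))
    # A lone wildcard matches every row when interpolated, nothing when escaped.
    print("unsafe '%':", len(search_custom_unsafe(db, "%")), "rows")
    print("safe '%':", len(search_custom_safe(db, "%")), "rows")
```

A test built around `raises_sql_error` with ordinary data such as `men's` is a cheap way to catch interpolation in any search endpoint: the parameterized version never raises for any string, while the interpolated one fails as soon as a quote appears. The ESCAPE handling is a separate caveat that parameterization alone does not cover.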

Related ATT&CK Techniques

T1190 (Initial Access)

Detection Rules

1 rule · 6 SIEM formats, mapped to MITRE ATT&CK (Sigma YAML).

Severity high, T1190 Initial Access: Web Application Exploitation Attempt — CVE-2026-32888

Source: Shimi's Cyber World

Indicators of Compromise

ID: CVE-2026-32888
Type: SQLi
Indicator: Open Source Point of Sale (CodeIgniter framework), affected versions not specified; Items search functionality with the search_custom filter enabled; user-supplied input from the search GET parameter interpolated into a HAVING clause without sanitization.
