A vulnerability was found in Bdtask Multi-Store Inventory Management System 1.0
The Bdtask Multi-Store Inventory Management System has a SQL injection vulnerability in its accounts report search function, allowing an attacker to inject malicious SQL code. The issue can be exploited remotely and a public exploit is available. Developers should prioritize fixing it.
A vulnerability was found in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function accounts_report_search in the file application/modules/accounts/controllers/Accounts.php of the component Accounts Report Handler. Manipulating the argument dtpToDate leads to SQL injection. The attack can be carried out remotely. The exploit has been made public and could be used.
Developers using the Bdtask Multi-Store Inventory Management System are at risk of SQL injection attacks, a medium-severity risk.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
Affected Products: 0
References: 4
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L