Description
A security vulnerability has been detected in Bdtask Wholesale Inventory Control and Inventory Management System up to 20251013. This impacts an unknown function of the file /Admin_dashboard/edit_profile. Such manipulation of the argument first_name/last_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
In Bdtask Wholesale Inventory Control and Inventory Management System up to 20251013 ist eine Schwachstelle entdeckt worden. Betroffen ist eine unbekannte Funktion der Datei /Admin_dashboard/edit_profile. Durch die Manipulation des Arguments first_name/last_name mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz möglich. Der Exploit steht zur öffentlichen Verfügung.
Problem types
Product status
Timeline
| 2025-10-26: | Advisory disclosed |
| 2025-10-26: | VulDB entry created |
| 2025-10-27: | VulDB entry last update |
Credits
4m3rr0r (VulDB User)
4m3rr0r (VulDB User)
References
vuldb.com/?id.329955 (VDB-329955 | Bdtask Wholesale Inventory Control and Inventory Management System edit_profile sql injection)
vuldb.com/?ctiid.329955 (VDB-329955 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/?submit.674274 (Submit #674274 | Bdtask Wholesale Inventory Control and Inventory Management System Latest version as of 2025-10-13 SQL Injection)
github.com/4m3rr0r/PoCVulDb/blob/main/CVE-2025-12287.md
