| Titre | Bdtask Multi-Store Inventory Management System 1.0 SQL Injection |
|---|
| Description | A SQL injection vulnerability was found in bdtask Multi-Store Inventory Management System 1.0. It affects the function accounts_report_search() of the file application/modules/accounts/controllers/Accounts.php of the component Accounts Report Handler.
The manipulation of the argument dtpToDate leads to SQL injection. The attack may be initiated remotely. Authentication is required.
The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
|---|
| Utilisateur | Kevin57545 (UID 97896) |
|---|
| Soumission | 04/05/2026 16:28 (il y a 1 mois) |
|---|
| Modérer | 30/05/2026 07:54 (26 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 367408 [Bdtask Multi-Store Inventory Management System 1.0 Accounts Report Accounts.php accounts_report_search dtpToDate injection SQL] |
|---|
| Points | 17 |
|---|