| タイトル | Bdtask Multi-Store Inventory Management System 1.0 SQL Injection |
|---|
| 説明 | A SQL injection vulnerability was found in bdtask Multi-Store Inventory Management System 1.0. It affects the function accounts_report_search() of the file application/modules/accounts/controllers/Accounts.php of the component Accounts Report Handler.
The manipulation of the argument dtpToDate leads to SQL injection. The attack may be initiated remotely. Authentication is required.
The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
|---|
| ユーザー | Kevin57545 (UID 97896) |
|---|
| 送信 | 2026年05月04日 16:28 (1 月 ago) |
|---|
| モデレーション | 2026年05月30日 07:54 (26 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 367408 [Bdtask Multi-Store Inventory Management System 1.0 Accounts Report Accounts.php accounts_report_search dtpToDate SQLインジェクション] |
|---|
| ポイント | 17 |
|---|