| Field | Value |
|---|---|
| Title | Bdtask Wholesale Management System Latest version as of 2025-10-16 Cross-Site Request Forgery (CSRF) |
| Description | A Cross-Site Request Forgery (CSRF) vulnerability exists in the user profile update functionality of the Wholesale Management System. The application fails to implement anti-CSRF protection on the /Admin_dashboard/update_profile endpoint. An attacker can craft a malicious webpage that forges a request to change an authenticated user's profile details, such as their email address. Successful exploitation can lead to account takeover by allowing the attacker to use the password reset functionality on the compromised account. |
| Source | https://github.com/4m3rr0r/PoCVulDb/issues/3 |
| User | 4m3rr0r (UID 85795) |
| Submission | 10/29/2025 14:30 (8 months ago) |
| Moderation | 11/14/2025 12:04 (16 days later) |
| Status | Accepted |
| VulDB entry | 332469 [Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System cross-site request forgery] |
| Points | 20 |