| 标题 | Bdtask Multi-Store Inventory Management System 1.0 Code Injection |
|---|
| 描述 | A remote code execution vulnerability was found in bdtask Multi-Store Inventory Management System 1.0. It affects the function upload() of the file application/modules/dashboard/controllers/Module.php of the component Module Upload Handler.
The manipulation of the argument module leads to remote code execution. The attack may be initiated remotely. Authentication is required.
The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|---|
| 来源 | ⚠️ https://github.com/kevin57545/CVE/blob/main/bdtask-multi-store-rce.md |
|---|
| 用户 | Kevin57545 (UID 97896) |
|---|
| 提交 | 2026-05-05 12時50分 (1 月前) |
|---|
| 管理 | 2026-05-30 13時06分 (25 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 367429 [Bdtask Multi-Store Inventory Management System 1.0 Component Module.php upload module 权限提升] |
|---|
| 积分 | 20 |
|---|