← back
CVE-2026-10155

Bdtask Multi-Store Inventory Management System Accounts Report Accounts.php accounts_report_search sql injection

CVSS 5.1 MEDIUMEPSS 0.2%CWE-74CWE-89
A vulnerability was found in Bdtask Multi-Store Inventory Management System 1.0. The impacted element is the function accounts_report_search of the file application/modules/accounts/controllers/Accounts.php of the component Accounts Report Handler. Performing a manipulation of the argument dtpToDate results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
Bdtask · Multi-Store Inventory Management System
public PoCs found1
cve_referencegithub.com/kevin57545/CVE/blob/main/README.mdunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/kevin57545/CVE/blob/main/README.mdhttps://vuldb.com/submit/818863https://vuldb.com/vuln/367408https://vuldb.com/vuln/367408/cti