CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3151 – Bdtask Multi-Store Inventory Management System Stock Movement Page cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-3151
02 Apr 2024 — A vulnerability, which was classified as problematic, was found in Bdtask Multi-Store Inventory Management System up to 20240325. Affected is an unknown function of the file /stockmovment/stockmovment/delete/ of the component Stock Movement Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1oTqULJy357Z4dk85vPR_yMFXRNhwZywX/view?usp=sharing • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2996 – Bdtask Multi-Store Inventory Management System Page Title cross site scripting
https://notcve.org/view.php?id=CVE-2024-2996
27 Mar 2024 — A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been classified as problematic. Affected is an unknown function of the component Page Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. • https://drive.google.com/file/d/115tr5PJ_RmSlaLR_jLXPyJse6ojSFRxu/view?usp=drivesdk • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2639 – Bdtask Wholesale Inventory Management System session fixiation
https://notcve.org/view.php?id=CVE-2024-2639
19 Mar 2024 — A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. The attack can be launched remotely. • https://drive.google.com/file/d/1bNnSNssAeQFkO0FdW_yaEvDg5XExMPaf/view?usp=drivesdk • CWE-384: Session Fixation •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2022-28993
https://notcve.org/view.php?id=CVE-2022-28993
20 May 2022 — Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request. Multi Store Inventory Management System versión v1.0, permite a atacantes llevar a cabo una toma de control de cuentas por medio de una petición POST diseñada • https://packetstormsecurity.com/files/166591/Multi-Store-Inventory-Management-System-1.0-Account-Takeover.html • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28991
https://notcve.org/view.php?id=CVE-2022-28991
20 May 2022 — Multi Store Inventory Management System v1.0 was discovered to contain an information disclosure vulnerability which allows attackers to access sensitive files. Se ha detectado que Multi Store Inventory Management System versión v1.0, contiene una vulnerabilidad de divulgación de información que permite a atacantes acceder a archivos confidenciales • https://packetstormsecurity.com/files/166590/Multi-Store-Inventory-Management-System-1.0-Information-Disclosure.html • CWE-425: Direct Request ('Forced Browsing') •