Bdtask Saleserp vulnerabilities
3 known vulnerabilities affecting bdtask/saleserp.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2026-1597 | P2 | HIGH | CVSS 8.8 | v2026-01-16 | v20260116 | 2026-01-29
CVE-2026-1597 [HIGH] CWE-266
A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects unknown processing in the Administrative Endpoint component. Manipulation of the argument ci_session leads to improper authorization. The attack can be performed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacte
nvd
CVE-2025-13177 | P3 | HIGH | CVSS 8.8 | ≤ 2025-10-16 | v20250728 | 2025-11-14
CVE-2025-13177 [HIGH] CWE-352
A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd
CVE-2025-13178 | P4 | MEDIUM | CVSS 5.4 | ≤ 2025-10-24 | v20250728 | 2025-11-14
CVE-2025-13178 [MEDIUM] CWE-74
A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code in the file /edit_profile of the User Profile Handler component. Manipulation of the argument first_name/last_name causes basic cross-site scripting. The attack can be carried out remotely. The exploit has been published and may
nvd