Handler on Duty: Guy Bruneau
Threat Level: green
| Published | 2026-05-31 00:16:33 |
|---|---|
| Last Modified | 2026-05-31 00:16:33 |
| AKA | CVE-2026-10155 |
| Summary | A vulnerability was found in Bdtask Multi-Store Inventory Management System 1.0. The impacted element is the function accounts_report_search of the file application/modules/accounts/controllers/Accounts.php of the component Accounts Report Handler. Performing a manipulation of the argument dtpToDate results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. |
| CVSS Score | 5.8 |
| Access Vector | Local | Adjacent | Network |
|---|---|---|---|
| Access Complexity | Low | Medium | High |
| Authentication | None | Single | Multiple |
| Confidentiality | None | Partial | Complete |
| Integrity | None | Partial | Complete |
| Availability | None | Partial | Complete |