Описание
A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2025-10-16 (включая)
cpe:2.3:a:bdtask:saleserp:*:*:*:*:*:*:*:*
EPSS
Процентиль: 14%
0.00047
Низкий
4.3 Medium
CVSS3
8.8 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-352
CWE-352
Связанные уязвимости
CVSS3: 4.3
github
3 месяца назад
A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
EPSS
Процентиль: 14%
0.00047
Низкий
4.3 Medium
CVSS3
8.8 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-352
CWE-352