Platform: php
Component: pocvuldb
Fixed in: 20250320.0.1
A cross-site request forgery (CSRF) vulnerability exists in Bdtask Wholesale Inventory Control and Inventory Management System, affecting versions up to 20250320. The flaw allows an attacker to trick an authenticated user's browser into submitting state-changing requests the user did not intend, potentially leading to unauthorized modification or deletion of data. The vulnerability has been publicly disclosed and a fix is available. Upgrade to version 20250320.0.1 to mitigate the risk.
The CSRF vulnerability in Wholesale Inventory Control and Inventory Management System allows an attacker to craft malicious requests that the application accepts as though they came from a legitimate, logged-in user. Successful exploitation could result in unauthorized changes to inventory data, creation of new users with elevated privileges, or even the execution of administrative functions. The impact is amplified if users have weak passwords or reuse credentials across multiple sites. This vulnerability is particularly concerning for systems handling sensitive inventory information or financial transactions, as attackers could manipulate data for financial gain or disrupt business operations. The public disclosure of this vulnerability increases the likelihood of exploitation.
This vulnerability was publicly disclosed on 2025-11-14. The vendor was notified but did not respond. The availability of a public proof-of-concept significantly increases the risk of exploitation. While no active campaigns have been confirmed, the ease of exploitation makes it a likely target for opportunistic attackers. The vulnerability is not currently listed on CISA KEV.
EPSS: 0.07% (22nd percentile)
The primary mitigation for CVE-2025-13179 is to upgrade to version 20250320.0.1. If an immediate upgrade is not possible, implement strict input validation and output encoding to prevent malicious data from being processed. Consider implementing CSRF protection mechanisms, such as synchronizer tokens or the SameSite cookie attribute, to further reduce the attack surface. Monitor web application firewalls (WAFs) for suspicious requests targeting the affected endpoints. Review user access controls and enforce the principle of least privilege to limit the potential impact of a successful attack.
Update the Wholesale Inventory Control and Inventory Management System to version 20250320.0.1 or later to mitigate the CSRF vulnerability. If you cannot update, implement custom CSRF protections in the system, such as CSRF tokens in forms with server-side validation of every state-changing request. Consult the system documentation or contact the vendor for specific instructions.
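As an added example (not Bdtask's code and not part of the original advisory), a minimal synchronizer-token implementation in PHP of the kind recommended above, with the session cookie also set to SameSite=Strict. It assumes PHP 7.3 or later with native sessions; the function names are illustrative.

```php
<?php
// Added example, not the product's own code: synchronizer-token CSRF protection.
// Assumes PHP >= 7.3 (array form of session_set_cookie_params, random_bytes, hash_equals).
declare(strict_types=1);

// Harden the session cookie before the session starts: SameSite=Strict stops the
// browser from attaching it to cross-site POSTs, which is a second layer beside the token.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,     // send only over HTTPS
    'httponly' => true,     // not readable from JavaScript
    'samesite' => 'Strict',
]);
session_start();

// Return the per-session token, generating 32 random bytes on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden input to embed in every form that changes state (edit, delete, create user).
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Server-side check: the submitted token must be a string and match the session
// token in constant time; a missing token, an array, or a mismatch is rejected.
function csrf_validate(array $post): bool
{
    $submitted = $post['csrf_token'] ?? '';
    $expected  = $_SESSION['csrf_token'] ?? '';
    return is_string($submitted) && $expected !== '' && hash_equals($expected, $submitted);
}

// Guard to place at the top of each state-changing handler before any work is done.
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST' && !csrf_validate($_POST)) {
    http_response_code(403);
    exit('Invalid CSRF token');
}
```

Forms render `csrf_field()` inside the `<form>`; a forged cross-site request cannot read the session-bound token and so fails the `csrf_validate()` check even if the session cookie were sent.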
CVE-2025-13179 is a cross-site request forgery (CSRF) vulnerability affecting Bdtask Wholesale Inventory Control and Inventory Management System versions up to 20250320, allowing attackers to perform unauthorized actions.
You are affected if you are using Bdtask Wholesale Inventory Control and Inventory Management System version 20250320 or earlier.
Upgrade to version 20250320.0.1 to resolve the vulnerability. Implement input validation and CSRF protection as interim measures.
While no active campaigns have been confirmed, the public disclosure and availability of a proof-of-concept increase the risk of exploitation.
Refer to the Bdtask website or CodeCanyon product page for the latest advisory and update information.