Platform
php
Component
pocvuldb
Fixed in
20250320.0.1
A cross-site request forgery (CSRF) vulnerability exists in Bdtask Wholesale Inventory Control and Inventory Management System, affecting versions up to 20250320. This flaw allows an attacker to trick a user into performing actions they did not intend, potentially leading to unauthorized modifications or deletions of data. The vulnerability has been publicly disclosed and a fix is available. Upgrade to version 20250320.0.1 to mitigate the risk.
The CSRF vulnerability in Wholesale Inventory Control System allows an attacker to craft malicious requests that appear to originate from a legitimate user. Successful exploitation could result in unauthorized changes to inventory data, creation of new users with elevated privileges, or even the execution of administrative functions. The impact is amplified if users have weak passwords or reuse credentials across multiple sites. This vulnerability is particularly concerning for systems handling sensitive inventory information or financial transactions, as attackers could manipulate data for financial gain or disrupt business operations. The public disclosure of this vulnerability increases the likelihood of exploitation.
This vulnerability was publicly disclosed on 2025-11-14. The vendor was notified but did not respond. The availability of a public proof-of-concept significantly increases the risk of exploitation. While no active campaigns have been confirmed, the ease of exploitation makes it a likely target for opportunistic attackers. The vulnerability is not currently listed on CISA KEV.
Organizations using Bdtask Wholesale Inventory Control and Inventory Management System, particularly those with limited security resources or those who have not implemented robust input validation and output encoding practices, are at significant risk. Shared hosting environments where multiple users share the same server instance are also particularly vulnerable, as an attacker could potentially exploit the vulnerability to gain access to other users' accounts.
• php: Examine web server access logs for suspicious POST requests to inventory management endpoints. Look for unusual user agents or referrers.
  grep -i -E 'inventory|stock' /var/log/apache2/access.log | grep -i -E 'POST'
• generic web: Check for unexpected changes to inventory data or user accounts. Implement integrity checks on critical data fields.
• generic web: Review response headers for signs of CSRF tokens or other security measures. Absence of these measures could indicate a vulnerability.
• php: Use a static code analysis tool to identify potential CSRF vulnerabilities in the application's codebase.
EPSS
0.07% (22nd percentile)
The primary mitigation for CVE-2025-13179 is to upgrade to version 20250320.0.1. If an immediate upgrade is not possible, implement strict input validation and output encoding to prevent malicious data from being processed. Consider implementing CSRF protection mechanisms, such as synchronizer tokens or the SameSite cookie attribute, to further reduce the attack surface. Monitor web application firewalls (WAFs) for suspicious requests targeting the affected endpoints. Review user access controls and enforce the principle of least privilege to limit the potential impact of a successful attack.
Update Wholesale Inventory Control and Inventory Management System to a version later than 20250320, if one is available, to mitigate the CSRF vulnerability. If no update is available, consider implementing custom CSRF protections in the system, such as CSRF tokens in forms with server-side validation. Consult the system documentation or contact the vendor for specific instructions.
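The synchronizer-token and SameSite protections recommended in the two mitigation paragraphs above, shown in a PHP form handler. This is an added example, not Bdtask code; the endpoint path and form field names are hypothetical.

```php
<?php
// Added example (not Bdtask code): synchronizer-token CSRF protection for a PHP form handler.
// The endpoint /inventory/update and the fields item_id / qty are hypothetical names.
declare(strict_types=1);

session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,   // session cookie only over HTTPS
    'samesite' => 'Lax',  // browser will not attach the cookie to cross-site POSTs
]);
session_start();

// One random token per session; call session_regenerate_id() on login so it rotates.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Validate the submitted token with a constant-time comparison.
function csrf_valid(?string $submitted): bool
{
    if (!is_string($submitted) || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Reject any state-changing request without a valid token before touching the database.
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        error_log('CSRF token mismatch from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        exit('Invalid request');
    }
    // ... perform the inventory update with a prepared statement here ...
    exit('Inventory updated');
}

// GET: render the form with the token embedded as a hidden field.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
echo <<<HTML
<form method="post" action="/inventory/update">
  <input type="hidden" name="csrf_token" value="{$token}">
  <input name="item_id"> <input name="qty">
  <button type="submit">Update</button>
</form>
HTML;
```

The 403 log line gives the access-log review above a concrete signal to search for alongside unusual referrers.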
CVE-2025-13179 is a cross-site request forgery (CSRF) vulnerability affecting Bdtask Wholesale Inventory Control and Inventory Management System versions up to 20250320, allowing attackers to perform unauthorized actions.
You are affected if you are using Bdtask Wholesale Inventory Control and Inventory Management System version 20250320 or earlier.
Upgrade to version 20250320.0.1 to resolve the vulnerability. Implement input validation and CSRF protection as interim measures.
While no active campaigns have been confirmed, the public disclosure and availability of a proof-of-concept increase the risk of exploitation.
Refer to the Bdtask website or CodeCanyon product page for the latest advisory and update information.