Bdtask SalesERP Administrative Endpoint improper authorization

A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument ci_session leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

授权机制不恰当

Bdtask SalesERP 授权问题漏洞

Bdtask SalesERP是孟加拉国Bdtask公司的一个销售企业资源规划软件。 Bdtask SalesERP 20260116及之前版本存在授权问题漏洞，该漏洞源于对参数ci_session的错误操作导致授权不当。

N/A

N/A