GCVE - cpe:2.3:a:bdtask:saleserp:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:bdtask:saleserp:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Bdtask (`59fedb6e-3a79-5d6b-9825-116d620b5d82`)
Product	Saleserp (`ec3d4031-7dba-56e5-b0f3-bc0efa88438a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-1597`	vulnerable	2026-06-03 15:14:44.713961	Bdtask SalesERP Administrative Endpoint improper authorization MEDIUM (6.3) A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument ci_session leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2026-01-29T16:32:05.836Z Updated: 2026-02-23T09:05:43.347Z Open on db.gcve.eu Reference links https://vuldb.com/?id.343359 https://vuldb.com/?ctiid.343359 https://vuldb.com/?submit.740735 https://github.com/4m3rr0r/PoCVulDb/issues/11 https://www.youtube.com/watch?v=KSducixS3pk	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13178`	vulnerable	2026-06-03 14:58:45.658238	Bdtask/CodeCanyon SalesERP User Profile edit_profile cross site scripting LOW (3.5) A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /edit_profile of the component User Profile Handler. This manipulation of the argument first_name/last_name causes basic cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-11-14T19:02:10.138Z Updated: 2025-11-14T21:40:01.378Z Open on db.gcve.eu Reference links https://vuldb.com/?id.332468 https://vuldb.com/?ctiid.332468 https://vuldb.com/?submit.684820 https://github.com/4m3rr0r/PoCVulDb/issues/2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13177`	vulnerable	2026-06-03 14:58:45.656038	Bdtask/CodeCanyon SalesERP cross-site request forgery MEDIUM (4.3) A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-11-14T19:02:07.421Z Updated: 2025-11-17T20:41:11.611Z Open on db.gcve.eu Reference links https://vuldb.com/?id.332467 https://vuldb.com/?ctiid.332467 https://vuldb.com/?submit.684819 https://github.com/4m3rr0r/PoCVulDb/issues/1	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.