CVE-2026-10155

EUVD-2026-33475
A vulnerability was found in Bdtask Multi-Store Inventory Management System 1.0. The impacted element is the function accounts_report_search of the file application/modules/accounts/controllers/Accounts.php of the component Accounts Report Handler. Performing a manipulation of the argument dtpToDate results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulDBCNA
4.7 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
bdtaskmulti_store_inventory_management_system
1.0
CNA
Common Weakness Enumeration
References
https://github.com/kevin57545/CVE/blob/main/README.md
https://vuldb.com/submit/818863
https://vuldb.com/vuln/367408
https://vuldb.com/vuln/367408/cti