Skip to main content

Flight Booking Software

2 CVEs product

Monthly

CVE-2025-12223 LOW POC Monitor

Unrestricted file upload in Bdtask Flight Booking Software up to version 3.1 via the Package Information Module endpoint /b2c/package-information allows authenticated remote attackers to upload arbitrary files with low confidentiality and integrity impact. Publicly available exploit code exists; the vulnerability carries a low CVSS score (2.1) due to requiring prior authentication and limited scope, but the ease of exploitation (AC:L, public POC) and vendor non-responsiveness elevate practical risk for deployed instances.

Authentication Bypass File Upload Flight Booking Software
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-12222 LOW POC Monitor

Unrestricted file upload in Bdtask Flight Booking Software up to version 3.1 allows authenticated remote attackers to upload arbitrary files via the /admin/transaction/deposit endpoint. The vulnerability requires valid user credentials (PR:L in CVSS vector) but grants attackers capability to upload files with minimal scope impact. Public exploit code is available, though the very low EPSS score (0.02%) and lack of CISA KEV listing suggest limited real-world exploitation despite disclosure.

Authentication Bypass File Upload Flight Booking Software
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
EPSS 0% CVSS 2.1
LOW POC Monitor

Unrestricted file upload in Bdtask Flight Booking Software up to version 3.1 via the Package Information Module endpoint /b2c/package-information allows authenticated remote attackers to upload arbitrary files with low confidentiality and integrity impact. Publicly available exploit code exists; the vulnerability carries a low CVSS score (2.1) due to requiring prior authentication and limited scope, but the ease of exploitation (AC:L, public POC) and vendor non-responsiveness elevate practical risk for deployed instances.

Authentication Bypass File Upload Flight Booking Software
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Unrestricted file upload in Bdtask Flight Booking Software up to version 3.1 allows authenticated remote attackers to upload arbitrary files via the /admin/transaction/deposit endpoint. The vulnerability requires valid user credentials (PR:L in CVSS vector) but grants attackers capability to upload files with minimal scope impact. Public exploit code is available, though the very low EPSS score (0.02%) and lack of CISA KEV listing suggest limited real-world exploitation despite disclosure.

Authentication Bypass File Upload Flight Booking Software
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy