PT-2026-5315 · Unknown · Bhojon All-In-One Restaurant Management System

4M3Rr0R · Published 2026-01-29 · Updated 2026-01-29 · CVE-2026-1599

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Bdtask Bhojon All-In-One Restaurant Management System versions up to 20260116

Description

A business logic issue exists in the Checkout component of Bdtask Bhojon All-In-One Restaurant Management System. The issue is related to the manipulation of the orggrandTotal, vat, service charge, and grandtotal arguments within the file '/hungry/placeorder'. This manipulation can lead to business logic errors and can be exploited remotely. The exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond.

Recommendations

Versions prior to 20260116 should be updated. As a temporary workaround, restrict or carefully validate the orggrandTotal, vat, service charge, and grandtotal arguments in the '/hungry/placeorder' file.
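
One way to carry out the validation the workaround describes, as an added example that is not Bhojon's code: the server recomputes every monetary field from its own price data and rejects an order whose submitted values differ. The price table, rates, cart format, the `service_charge` spelling and the reading of orggrandTotal as the pre-tax subtotal are assumptions.

```python
from decimal import Decimal, ROUND_HALF_UP, InvalidOperation

# Assumed server-side data (constructed): prices and rates come from the
# database or configuration, never from the request.
MENU_PRICES = {"burger": Decimal("8.50"), "cola": Decimal("1.75")}
VAT_RATE = Decimal("0.15")
SERVICE_RATE = Decimal("0.05")
CENT = Decimal("0.01")

# Argument names from the advisory; "service_charge" is an assumed spelling
# and orggrandTotal is assumed to be the pre-tax subtotal.
CHECKED_FIELDS = ("orggrandTotal", "vat", "service_charge", "grandtotal")


class OrderRejected(ValueError):
    """Raised when submitted totals do not match the server's calculation."""


def compute_totals(cart):
    """Recompute all monetary fields from trusted prices. cart: {item_id: qty}."""
    subtotal = Decimal("0")
    for item_id, qty in cart.items():
        if item_id not in MENU_PRICES:
            raise OrderRejected(f"unknown item: {item_id!r}")
        if isinstance(qty, bool) or not isinstance(qty, int) or not 1 <= qty <= 100:
            raise OrderRejected(f"invalid quantity for {item_id!r}")
        subtotal += MENU_PRICES[item_id] * qty
    vat = (subtotal * VAT_RATE).quantize(CENT, ROUND_HALF_UP)
    service = (subtotal * SERVICE_RATE).quantize(CENT, ROUND_HALF_UP)
    return {"orggrandTotal": subtotal, "vat": vat, "service_charge": service,
            "grandtotal": subtotal + vat + service}


def validate_order(cart, submitted):
    """Return the totals to charge; reject if any client value disagrees."""
    expected = compute_totals(cart)
    for field in CHECKED_FIELDS:
        try:
            value = Decimal(str(submitted[field]))
        except (KeyError, InvalidOperation):
            raise OrderRejected(f"missing or non-numeric field: {field}")
        if not value.is_finite() or value != expected[field]:
            raise OrderRejected(f"{field} does not match server calculation")
    return expected  # charge these values, not the submitted ones
```

Rejected orders are worth logging with the authenticated account, since a mismatch between submitted and recomputed totals does not occur in normal client behaviour.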

Related identifiers

CVE-2026-1599

Affected products

Bhojon All-In-One Restaurant Management System