Kevin57545

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function get headers of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

**Name of the Vulnerable Software and Affected Versions** Bdtask Multi-Store Inventory Management System version 1.0 **Description** An unrestricted file upload flaw exists in the Component Module. A remote attacker can manipulate the `module` argument within the `Upload()` function of the file `application/modules/dashboard/controllers/Module.php` to upload files without proper restrictions. **Recommendations** Update Bdtask Multi-Store Inventory Management System to a version newer than 1.0. As a temporary workaround, restrict access to the `Upload()` function in `application/modules/dashboard/controllers/Module.php` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Bdtask Multi-Store Inventory Management System version 1.0 **Description** An issue exists in the Accounts Report Handler component where the `accounts report search()` function in the file application/modules/accounts/controllers/Accounts.php is susceptible to SQL injection. This occurs when the `dtpToDate` argument is manipulated, allowing a remote attacker to execute unauthorized database queries. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.