PT-2021-11907 · Unknown · Bdtask Multi-Store Inventory Management System
Published: 2021-01-27 · Updated: 2021-01-29 · CVE-2020-36012
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
BDTASK Multi-Store Inventory Management System version 1.0
Description:
The issue allows a local admin to inject arbitrary code via the Customer Name Field. This enables the execution of malicious scripts, potentially leading to unauthorized access or data manipulation.
Recommendations:
For BDTASK Multi-Store Inventory Management System version 1.0, consider restricting access to the Customer Name Field to prevent arbitrary code injection until a patch is available. As a temporary workaround, validate and sanitize all user input in the Customer Name Field to minimize the risk of exploitation.
Exploit
Fix
XSS
Affected Products
Bdtask Multi-Store Inventory Management System