PT-2025-43876 · Unknown · Bdtask Flight Booking
4M3Rr0R +1 · Published 2025-10-27 · Updated 2025-11-21
CVE-2025-12222
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Bdtask Flight Booking Software versions prior to 3.1
Description
An unrestricted file upload issue exists in Bdtask Flight Booking Software. It affects an unknown functionality of the /admin/transaction/deposit file in the Deposit Handler component. The manipulation can be initiated remotely. The exploit has been publicly disclosed, and the vendor was informed but did not respond.
Recommendations
Update Bdtask Flight Booking Software to a version later than 3.1.
Exploit
Fix
Improper Access Control
Unrestricted File Upload
Affected Products
Bdtask Flight Booking