PT-2026-5315 · Unknown · Bhojon All-In-One Restaurant Management System
4M3Rr0R · Published 2026-01-29 · Updated 2026-01-29
CVE-2026-1599
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Bdtask Bhojon All-In-One Restaurant Management System versions up to 20260116
Description
A business logic issue exists in the Checkout component of Bdtask Bhojon All-In-One Restaurant Management System. The issue is related to the manipulation of the orggrandTotal, vat, service charge, and grandtotal arguments within the file '/hungry/placeorder'. This manipulation can lead to business logic errors and can be exploited remotely. The exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond.
Recommendations
Versions prior to 20260116 should be updated. As a temporary workaround, restrict or carefully validate the orggrandTotal, vat, service charge, and grandtotal arguments in the '/hungry/placeorder' file.
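One way to carry out the validation recommended above, as an added example that is not the vendor's code: the server recomputes every total from its own prices and rates and treats the submitted values only as a tamper signal. The menu, the VAT and service rates, the `items` structure and the `service_charge` key spelling are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation, ROUND_HALF_UP

# Assumed server-side data, constructed for this example.
MENU_PRICES = {"burger": Decimal("8.50"), "cola": Decimal("1.75")}
VAT_RATE = Decimal("0.15")
SERVICE_RATE = Decimal("0.05")
CENT = Decimal("0.01")
# Totals named in the advisory; "service_charge" is an assumed spelling.
TOTAL_FIELDS = ("orggrandTotal", "vat", "service_charge", "grandtotal")

def compute_totals(items):
    """Recompute every total from server-held prices and rates."""
    if not isinstance(items, dict) or not items:
        raise ValueError("empty or malformed order")
    subtotal = Decimal("0")
    for sku, qty in items.items():
        if sku not in MENU_PRICES:
            raise ValueError(f"unknown item: {sku!r}")
        if type(qty) is not int or not 1 <= qty <= 100:
            raise ValueError(f"invalid quantity for {sku!r}")
        subtotal += MENU_PRICES[sku] * qty
    vat = (subtotal * VAT_RATE).quantize(CENT, rounding=ROUND_HALF_UP)
    service = (subtotal * SERVICE_RATE).quantize(CENT, rounding=ROUND_HALF_UP)
    return {"orggrandTotal": subtotal, "vat": vat,
            "service_charge": service, "grandtotal": subtotal + vat + service}

def place_order(form):
    """Return (totals to charge, client fields that disagree with them)."""
    totals = compute_totals(form.get("items"))
    mismatched = []
    for field in TOTAL_FIELDS:
        if field not in form:
            continue
        try:
            agrees = Decimal(str(form[field])) == totals[field]
        except InvalidOperation:  # non-numeric value submitted
            agrees = False
        if not agrees:
            mismatched.append(field)
    return totals, mismatched

# Constructed request: the item list is honest, vat and grandtotal are altered.
TAMPERED = {"items": {"burger": 2, "cola": 1}, "orggrandTotal": "18.75",
            "vat": "0", "service_charge": "0.94", "grandtotal": "1.00"}

if __name__ == "__main__":
    charged, flagged = place_order(TAMPERED)
    print(charged["grandtotal"], flagged)
```

A non-empty mismatch list is grounds to reject the order or raise an alert; the amount charged always comes from the recomputed totals.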
Affected Products
Bhojon All-In-One Restaurant Management System