CVE-2024-2639
MEDIUMBdtask Wholesale Inventory Management System <20240311 - Session Fi...
Title source: llmDescription
A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References (3)
Core 3
Core References
Permissions Required, VDB Entry vdb-entry
https://vuldb.com/?id.257245
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.257245
Various Sources exploit
https://drive.google.com/file/d/1bNnSNssAeQFkO0FdW_yaEvDg5XExMPaf/view?usp=drivesdk
Scores
CVSS v3
4.3
EPSS
0.0054
EPSS Percentile
41.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-384
Status
published
Products (1)
Bdtask/Wholesale Inventory Management System
20240311
Published
Mar 19, 2024
Tracked Since
Feb 18, 2026