CNNVD-202510-3637 Information

CNNVD ID

CNNVD-202510-3637

Related CVE

CVE-2025-12223

• CNNVD Published: 2025-10-27

Description (Chinese)

Bdtask Flight Booking Software是孟加拉国Bdtask公司的一个航空订票软件。 Bdtask Flight Booking Software 3.1及之前版本存在代码问题漏洞，该漏洞源于文件/b2c/package-information中组件Package Information Module存在上传限制缺失，可能导致远程上传攻击。

Description (English)

Bdtask Bright Booking Software is an aviation booking software for Bdtask in Bangladesh. Bdtask Light Booking Software 3.1 and previous versions had a code problem loophole, which stemmed from the lack of upload restrictions for the Package Information Modeule component in document/b2c/package-information, which could lead to a remote upload attack.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Bdtask

Published

2025-10-27

Last Modified

2026-02-24

References

https://github.com/4m3rr0r/PoCVulDb/blob/main/CVE-2025-12223.md https://vuldb.com/?ctiid.329893 https://vuldb.com/?id.329893 https://vuldb.com/?submit.673436