CVE-2025-12287

🗓️ 27 Oct 2025 14:32:06Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 5 Views🌐 WEB

CVE-2025-12287: Bdtask Wholesale Inventory System permits remote sql injection in edit_profile via first_name or last_name.

Reporter	Title	Published	Views	Family All 8
CNNVD	Bdtask Wholesale Inventory Control SQL注入漏洞	27 Oct 202500:00	–	cnnvd
Cvelist	CVE-2025-12287 Bdtask Wholesale Inventory Control and Inventory Management System edit_profile sql injection	27 Oct 202514:32	–	cvelist
EUVD	EUVD-2025-36184	27 Oct 202515:30	–	euvd
NVD	CVE-2025-12287	27 Oct 202515:15	–	nvd
OSV	CVE-2025-12287	27 Oct 202515:15	–	osv
Positive Technologies	PT-2025-43962	27 Oct 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-12287	28 Oct 202515:04	–	redhatcve
Vulnrichment	CVE-2025-12287 Bdtask Wholesale Inventory Control and Inventory Management System edit_profile sql injection	27 Oct 202514:32	–	vulnrichment

NVD

Vulners

Node

bdtask wholesaleRange≤2025-10-13

[
  {
    "vendor": "Bdtask",
    "product": "Wholesale Inventory Control and Inventory Management System",
    "versions": [
      {
        "version": "20251013",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/4m3rr0r/PoCVulDb/blob/main/CVE-2025-12287.md

Parameter	Position	Path	Description	CWE
first_name	request body	Admin_dashboard/edit_profile	SQL injection vulnerability allowing arbitrary SQL via first_name/last_name in edit_profile.	CWE-74, CWE-89
last_name	request body	Admin_dashboard/edit_profile	SQL injection vulnerability allowing arbitrary SQL via first_name/last_name in edit_profile.	CWE-74, CWE-89

29 Apr 2026 01:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.14.7 - 7.2

CVSS 45.1

CVSS 25.8

CVSS 34.7

EPSS0.0001

SSVC