CVE-2026-7782

A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be performed from...

CVE-2026-7783

A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoint. This manipulation of the argument this causes sql injection. It is possibl...

CodeCanyon Perfex CRM 注入漏洞

CodeCanyon Perfex CRM is a self-hosted customer relationship management software developed by CodeCanyon. Versions of CodeCanyon Perfex CRM 3.4.1 and earlier had a SQL injection vulnerability. This vulnerability stemmed from the operation of the Admin Kanban endpoint in the...

CVE-2026-7782

A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be performed from...

CVE-2026-7783

CodeCanyon Perfex CRM up to v3.4.1 has a SQL injection in AbstractKanban::applySortQuery (Admin Kanban Endpoint: application/services/AbstractKanban.php). Attackers can remotely trigger via the affected function argument manipulation. The exploit has been published and may be used. Affected compo...

CVE-2026-7783

A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoint. This manipulation of the argument this causes sql injection. It is possibl...

CVE-2026-7782

CodeCanyon Perfex CRM до v3.4.1 is affected by a vulnerability in the Clients::project function (file: application/controllers/Clients.php) within the Tenant Handler. Manipulating the argument ID causes an authorization bypass. The issue allows a remote attacker to exploit a public exploit, with ...

CVE-2025-13180

A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Impacted is an unknown function of the file /editprofile. Performing manipulation of the argument firstname/lastname results in basic cross site scripting. It is possible to...

CVE-2025-13179

A vulnerability has been found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. This issue affects some unknown processing. Such manipulation leads to cross-site request forgery. The attack may be performed from remote. The exploit has been disclose...

CVE-2025-13239 Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution submit_checkout behavioral workflow

A security vulnerability has been detected in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution 5. Affected by this issue is some unknown functionality of the file /submitcheckout. Such manipulation of the argument ordertotalamount/carttotalamount leads to enforcement of...

CVE-2025-13186 Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution manage_customer cross site scripting

A weakness has been identified in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution up to 4.0. This impacts an unknown function of the file /dashboard/Ccustomer/managecustomer. This manipulation of the argument Search causes cross site scripting. The attack may be initiated...

CVE-2025-13186 Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution manage_customer cross site scripting

A weakness has been identified in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution up to 4.0. This impacts an unknown function of the file /dashboard/Ccustomer/managecustomer. This manipulation of the argument Search causes cross site scripting. The attack may be initiated...

CVE-2025-13186

CVE-2025-13186 affects Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution (up to 4.0). The vulnerability is in the file /dashboard/Ccustomer/manage_customer (also seen as /dashboard/Ccustomer/manage customer) where manipulation of the Search argument causes cross-site scripting...

EUVD-2025-197653

A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but...

CVE-2025-13185

The CVE-2025-13185 entry concerns Bdtask/CodeCanyon News365 (up to version 7.0.3). A flaw in /admin/dashboard/profile allows manipulation of profile_image/banner_image arguments, causing unrestricted file upload. This is a remote-exploit vector, with public PoC available. Multiple sources confirm...

CVE-2025-13185 Bdtask/CodeCanyon News365 profile unrestricted upload

A security flaw has been discovered in Bdtask/CodeCanyon News365 up to 7.0.3. This affects an unknown function of the file /admin/dashboard/profile. The manipulation of the argument profileimage/bannerimage results in unrestricted upload. The attack can be launched remotely. The exploit has been...

CVE-2025-13180

A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Impacted is an unknown function of the file /editprofile. Performing manipulation of the argument firstname/lastname results in basic cross site scripting. It is possible to...

CVE-2025-13180 Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System edit_profile cross site scripting

A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Impacted is an unknown function of the file /editprofile. Performing manipulation of the argument firstname/lastname results in basic cross site scripting. It is possible to...

CVE-2025-13180

CVE-2025-13180 affects Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System (versions up to 20250320). The vulnerability arises from improper handling of the first_name/last_name parameters in the /edit_profile function, enabling basic cross-site scripting. It can be expl...

EUVD-2025-197650

A vulnerability has been found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. This issue affects some unknown processing. Such manipulation leads to cross-site request forgery. The attack may be performed from remote. The exploit has been disclose...