404 matches found

RedhatCVE | added 2026/05/06 8:22 p.m. | 5 views

CVE-2026-7783

A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoint. This manipulation of the argument this causes SQL injection. It is possibl...

CVSS 6.5 | AI score 6.4 | EPSS 0.0001
Exploits: 0 | References: 1

CNNVD | added 2026/05/05 12:0 a.m. | 5 views

CodeCanyon Perfex CRM Injection Vulnerability

CodeCanyon Perfex CRM is a self-hosted customer relationship management software developed by CodeCanyon. Versions of CodeCanyon Perfex CRM 3.4.1 and earlier had a SQL injection vulnerability. This vulnerability stemmed from the operation of the Admin Kanban endpoint in the...

CVSS 6.5 | AI score 6.7 | EPSS 0.0001
Exploits: 0 | References: 2

NVD | added 2026/05/04 11:16 p.m. | 10 views

CVE-2026-7782

A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be performed from...

CVSS 6.5 | EPSS 0.00038
Exploits: 0 | References: 4

CVE | added 2026/05/04 11:15 p.m. | 7 views

CVE-2026-7783

CodeCanyon Perfex CRM up to v3.4.1 has a SQL injection in AbstractKanban::applySortQuery (Admin Kanban Endpoint: application/services/AbstractKanban.php). Attackers can remotely trigger via the affected function argument manipulation. The exploit has been published and may be used. Affected compo...

CVSS 6.5 | AI score 6.4 | EPSS 0.0001
Exploits: 0 | References: 4

ATTACKERKB | added 2026/05/04 11:15 p.m. | 1 views

CVE-2026-7783

A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoint. This manipulation of the argument this causes SQL injection. It is possibl...

CVSS 6.5 | AI score 5.6 | EPSS 0.0001
Exploits: 0 | References: 4 | Affected Software: 1

CVE | added 2026/05/04 10:30 p.m. | 8 views

CVE-2026-7782

CodeCanyon Perfex CRM up to v3.4.1 is affected by a vulnerability in the Clients::project function (file: application/controllers/Clients.php) within the Tenant Handler. Manipulating the argument ID causes an authorization bypass. The issue allows a remote attacker to exploit a public exploit, with ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00038
Exploits: 0 | References: 4

RedhatCVE | added 2025/11/17 1:14 p.m. | 1 views

CVE-2025-13180

A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Impacted is an unknown function of the file /editprofile. Performing manipulation of the argument firstname/lastname results in basic cross site scripting. It is possible to...

CVSS 5.4 | AI score 3.8 | EPSS 0.00026
Exploits: 1 | References: 1

RedhatCVE | added 2025/11/17 1:14 p.m. | 5 views

CVE-2025-13179

A vulnerability has been found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. This issue affects some unknown processing. Such manipulation leads to cross-site request forgery. The attack may be performed from remote. The exploit has been disclose...

CVSS 6.5 | AI score 4.4 | EPSS 0.00048
Exploits: 1 | References: 1

Vulnrichment | added 2025/11/16 6:2 a.m. | 3 views

CVE-2025-13239 Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution submit_checkout behavioral workflow

A security vulnerability has been detected in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution 5. Affected by this issue is some unknown functionality of the file /submitcheckout. Such manipulation of the argument ordertotalamount/carttotalamount leads to enforcement of...

CVSS 5.3 | AI score 4.7 | EPSS 0.00037
Exploits: 1 | References: 4

Vulnrichment | added 2025/11/14 9:32 p.m. | 6 views

CVE-2025-13186 Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution manage_customer cross site scripting

A weakness has been identified in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution up to 4.0. This impacts an unknown function of the file /dashboard/Ccustomer/managecustomer. This manipulation of the argument Search causes cross site scripting. The attack may be initiated...

CVSS 4.8 | AI score 2.9 | EPSS 0.00026
Exploits: 1 | References: 4

Cvelist | added 2025/11/14 9:32 p.m. | 11 views

CVE-2025-13186 Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution manage_customer cross site scripting

A weakness has been identified in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution up to 4.0. This impacts an unknown function of the file /dashboard/Ccustomer/managecustomer. This manipulation of the argument Search causes cross site scripting. The attack may be initiated...

CVSS 4.8 | EPSS 0.00026
Exploits: 1 | References: 4

CVE | added 2025/11/14 9:32 p.m. | 10 views

CVE-2025-13186

CVE-2025-13186 affects Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution (up to 4.0). The vulnerability is in the file /dashboard/Ccustomer/manage_customer (also seen as /dashboard/Ccustomer/manage customer) where manipulation of the Search argument causes cross-site scripting...

CVSS 5.4 | AI score 5.2 | EPSS 0.00026
Exploits: 1 | References: 4 | Affected Software: 1

EUVD | added 2025/11/14 9:30 p.m. | 2 views

EUVD-2025-197653

A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but...

CVSS 5.3 | AI score 6 | EPSS 0.00039
Exploits: 1 | References: 5

CVE | added 2025/11/14 9:2 p.m. | 5 views

CVE-2025-13185

The CVE-2025-13185 entry concerns Bdtask/CodeCanyon News365 (up to version 7.0.3). A flaw in /admin/dashboard/profile allows manipulation of profile_image/banner_image arguments, causing unrestricted file upload. This is a remote-exploit vector, with public PoC available. Multiple sources confirm...

CVSS 7.2 | AI score 6.3 | EPSS 0.00053
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment | added 2025/11/14 9:2 p.m. | 8 views

CVE-2025-13185 Bdtask/CodeCanyon News365 profile unrestricted upload

A security flaw has been discovered in Bdtask/CodeCanyon News365 up to 7.0.3. This affects an unknown function of the file /admin/dashboard/profile. The manipulation of the argument profileimage/bannerimage results in unrestricted upload. The attack can be launched remotely. The exploit has been...

CVSS 5.8 | AI score 6.3 | EPSS 0.00053
Exploits: 1 | References: 4

NVD | added 2025/11/14 8:15 p.m. | 3 views

CVE-2025-13180

A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Impacted is an unknown function of the file /editprofile. Performing manipulation of the argument firstname/lastname results in basic cross site scripting. It is possible to...

CVSS 5.4 | EPSS 0.00026
Exploits: 1 | References: 4

CVE | added 2025/11/14 7:32 p.m. | 5 views

CVE-2025-13180

CVE-2025-13180 affects Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System (versions up to 20250320). The vulnerability arises from improper handling of the first_name/last_name parameters in the /edit_profile function, enabling basic cross-site scripting. It can be expl...

CVSS 5.4 | AI score 5.3 | EPSS 0.00026
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist | added 2025/11/14 7:32 p.m. | 6 views

CVE-2025-13180 Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System edit_profile cross site scripting

A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Impacted is an unknown function of the file /editprofile. Performing manipulation of the argument firstname/lastname results in basic cross site scripting. It is possible to...

CVSS 5.1 | EPSS 0.00026
Exploits: 1 | References: 4

CVE | added 2025/11/14 7:32 p.m. | 5 views

CVE-2025-13179

A CSRF (cross-site request forgery) vulnerability affects the Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to version 20250320. The issue enables manipulation via remote, with user interaction required for exploitation, and is described across multiple sources ...

CVSS 6.5 | AI score 5.9 | EPSS 0.00048
Exploits: 1 | References: 4 | Affected Software: 1

EUVD | added 2025/11/14 7:32 p.m. | 5 views

EUVD-2025-197650

A vulnerability has been found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. This issue affects some unknown processing. Such manipulation leads to cross-site request forgery. The attack may be performed from remote. The exploit has been disclose...

CVSS 5.3 | AI score 5.7 | EPSS 0.00048
Exploits: 1 | References: 5