CVE-2024-3151 MEDIUM

CVE-2024-3151: Bdtask Multi-Store Inventory Management System Stock Movement Page cross-site request forgery

Vendor Bdtask
Product Multi-Store Inventory Management System
Weakness CWE-352 · CSRF
Published April 2, 2024
Last update February 27, 2025
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in Bdtask Multi-Store Inventory Management System up to 20240325. Affected is an unknown function of the file /stockmovment/stockmovment/delete/ of the component Stock Movement Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258924. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

April 2, 2024 CVE published
February 27, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-38704 WordPress SEO Redirection plugin <= 8.9 - Cross-Site Request Forgery (CSRF) vulnerability CVE-2024-12555 SIP Calculator <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2024-28948 Advantech ADAM-5630 Cross-Site Request Forgery CVE-2024-32092 WordPress Kimili Flash Embed plugin <= 2.5.3 - Cross Site Request Forgery (CSRF) vulnerability CVE-2023-37891 WordPress Exit Popups & Onsite Retargeting by OptiMonk Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF)