PatchSiren

Bdtask CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW Bdtask CVE published 2026-05-31

CVE-2026-10155

A SQL injection vulnerability exists in Bdtask Multi-Store Inventory Management System 1.0, specifically within the `accounts_report_search` function in `application/modules/accounts/controllers/Accounts.php`. The `dtpToDate` parameter is susceptible to manipulation, allowing remote attackers to inject arbitrary SQL commands. The CVSS 4.0 vector indicates a network attack vector with low attack complexity, [truncated]