CVE-2025-12223 | Bdtask Flight Booking Software up to 3.1 Package Information /b2c/package-information unrestricted upload

Inserito da Angelo Barbosa | Ott 25, 2025 | CVE

A vulnerability labeled as critical has been found in Bdtask Flight Booking Software up to 3.1. This affects an unknown part of the file /b2c/package-information of the component Package Information Module. The manipulation results in unrestricted upload.

This vulnerability is reported as CVE-2025-12223. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-12223 | Bdtask Flight Booking Software up to 3.1 Package Information /b2c/package-information unrestricted upload

Post correlati

CVE-2024-23929 | Pioneer DMH-WT7600NEX Telematics path traversal (ZDI-24-1044)

CVE-2023-6609 | osCommerce 4 all-products keywords cross site scripting

CVE-2025-21039 | Samsung S Assistant up to 9.3.1 intent by broadcast receiver

CVE-2024-21917 | Rockwell Automation FactoryTalk Service Platform up to 6.3 FTSP Service signature verification (icsa-24-030-06)