CVE-2026-1599 | Bdtask Bhojon All-In-One Restaurant Management System up to 20260116 Checkout /hungry/placeorder orggrandTotal/vat/service_charge/grandtotal logic error

Inserito da Angelo Barbosa | Gen 29, 2026 | CVE

A vulnerability labeled as problematic has been found in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The affected element is an unknown function of the file /hungry/placeorder of the component Checkout. Executing a manipulation of the argument orggrandTotal/vat/service_charge/grandtotal can lead to business logic errors.

This vulnerability is registered as CVE-2026-1599. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1599 | Bdtask Bhojon All-In-One Restaurant Management System up to 20260116 Checkout /hungry/placeorder orggrandTotal/vat/service_charge/grandtotal logic error

Post correlati

CVE-2024-40945 | Linux Kernel up to 5.4.278/5.10.220/5.15.161/6.6.34/6.9.5 iommu_sva_bind_device null pointer dereference

CVE-2025-37963 | Linux Kernel up to 6.1.138/6.6.90/6.12.28/6.14.6/6.15-rc6 arm64 privilege escalation

CVE-2025-1411 | IBM Security Verify Directory up to 10.0.3.1 unnecessary privileges

CVE-2024-10862 | NEX-Forms Plugin up to 8.7.13 on WordPress sql injection