CVE-2025-13238 | Bdtask Flight Booking Software 4 Edit Profile Page /agent/profile/edit unrestricted upload

Inserito da Angelo Barbosa | Nov 15, 2025 | CVE

A vulnerability was found in Bdtask Flight Booking Software 4. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the file /agent/profile/edit of the component Edit Profile Page. This manipulation causes unrestricted upload.

This vulnerability appears as CVE-2025-13238. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-13238 | Bdtask Flight Booking Software 4 Edit Profile Page /agent/profile/edit unrestricted upload

Post correlati

CVE-2024-1981 | WPvivid Backup and Migration Plugin up to 0.9.68 on WordPress sql injection

CVE-2025-10846 | Portabilis i-Educar up to 2.10 edit ID sql injection

CVE-2025-33096 | IBM Engineering Requirements Management Doors Next 7.0.2/7.0.3/7.1 File Upload recursion

CVE-2024-27989 | I Thirteen Web Solution WP Responsive Tabs Horizontal Vertical and Accordion Tabs Plugin cross site scripting