CVE-2026-1600 | Bdtask Bhojon All-In-One Restaurant Management System up to 20260116 Add-to-Cart Submission Endpoint /hungry/addtocart price/allprice logic error

Inserito da Angelo Barbosa | Gen 29, 2026 | CVE

A vulnerability marked as problematic has been reported in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The impacted element is an unknown function of the file /hungry/addtocart of the component Add-to-Cart Submission Endpoint. The manipulation of the argument price/allprice leads to business logic errors.

This vulnerability is documented as CVE-2026-1600. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1600 | Bdtask Bhojon All-In-One Restaurant Management System up to 20260116 Add-to-Cart Submission Endpoint /hungry/addtocart price/allprice logic error

Post correlati

CVE-2024-48396 | AIML Chatbot up to 1.0 message cross site scripting

CVE-2025-1225 | ywoa up to 2024.07.03 WXCallBack Interface XMLParse.java extract xml external entity reference (IBI81R)

CVE-2024-33808 | campcodes Complete Web-Based School Management System 1.0 /model/get_timetable.php id sql injection

CVE-2025-25742 | D-Link DIR-853 A1 1.20B07 SetSysEmailSettings Module AccountPassword stack-based overflow