A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument ci_session leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| Link | Resource |
|---|---|
| https://github.com/4m3rr0r/PoCVulDb/issues/11 | Exploit Issue Tracking Third Party Advisory |
| https://vuldb.com/?ctiid.343359 | Permissions Required VDB Entry |
| https://vuldb.com/?id.343359 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.740735 | Third Party Advisory VDB Entry |
| https://www.youtube.com/watch?v=KSducixS3pk | Exploit |
Configurations
History
20 Feb 2026, 14:43
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/4m3rr0r/PoCVulDb/issues/11 - Exploit, Issue Tracking, Third Party Advisory | |
| References | () https://vuldb.com/?ctiid.343359 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.343359 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.740735 - Third Party Advisory, VDB Entry | |
| References | () https://www.youtube.com/watch?v=KSducixS3pk - Exploit | |
| First Time |
Bdtask
Bdtask saleserp |
|
| CPE | cpe:2.3:a:bdtask:saleserp:2026-01-16:*:*:*:*:*:*:* |
29 Jan 2026, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-29 17:16
Updated : 2026-02-20 14:43
NVD link : CVE-2026-1597
Mitre link : CVE-2026-1597
CVE.ORG link : CVE-2026-1597
JSON object : View
Products Affected
bdtask
- saleserp