CVE-2026-1600

A vulnerability was identified in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The impacted element is an unknown function of the file /hungry/addtocart of the component Add-to-Cart Submission Endpoint. The manipulation of the argument price/allprice leads to business logic errors. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/4m3rr0r/PoCVulDb/issues/14	Exploit Issue Tracking Mitigation
https://vuldb.com/?ctiid.343362	Permissions Required VDB Entry
https://vuldb.com/?id.343362	Third Party Advisory VDB Entry
https://vuldb.com/?submit.740741	Third Party Advisory VDB Entry
https://www.youtube.com/watch?v=UESZTjVS4Fs	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:bdtask:bhojon:*:*:*:*:*:*:*:*

History

19 Feb 2026, 21:02

Type	Values Removed	Values Added
References	~~() https://github.com/4m3rr0r/PoCVulDb/issues/14 -~~	() https://github.com/4m3rr0r/PoCVulDb/issues/14 - Exploit, Issue Tracking, Mitigation
References	~~() https://vuldb.com/?ctiid.343362 -~~	() https://vuldb.com/?ctiid.343362 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.343362 -~~	() https://vuldb.com/?id.343362 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.740741 -~~	() https://vuldb.com/?submit.740741 - Third Party Advisory, VDB Entry
References	~~() https://www.youtube.com/watch?v=UESZTjVS4Fs -~~	() https://www.youtube.com/watch?v=UESZTjVS4Fs - Exploit
First Time		Bdtask Bdtask bhojon
CPE		cpe:2.3:a:bdtask:bhojon::::::::

29 Jan 2026, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-29 18:16

Updated : 2026-02-19 21:02

NVD link : CVE-2026-1600

Mitre link : CVE-2026-1600

CVE.ORG link : CVE-2026-1600

JSON object : View

Products Affected

bdtask

bhojon

CWE

CWE-840

Business Logic Errors

4.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2026-1600

4.3^/10

4.0^/10

Attach tags to `CVE-2026-1600`