Bdtask Flight Booking Software Package Information package-information unrestricted upload

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in Bdtask Flight Booking Software up to 3.1. This affects an unknown part of the file /b2c/package-information of the component Package Information Module. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-12223

Source VulDB

Published Oct 27, 2025 at 04:32

Affected Product

Vendor Bdtask

Product Flight Booking Software

Version 3.0

Affected Versions Bdtask Flight Booking Software 3.0
Bdtask Flight Booking Software 3.1

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in Bdtask Flight Booking Software up to 3.1. This affects an unknown part of the file /b2c/package-information of the component Package Information Module. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-10-27T04:32:07.968Z",
    "modified": "2025-10-27T04:32:07.968Z",
    "type": "cve",
    "title": "Bdtask Flight Booking Software Package Information package-information unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.329893\nhttps://vuldb.com/?ctiid.329893\nhttps://vuldb.com/?submit.673436\nhttps://github.com/4m3rr0r/PoCVulDb/blob/main/CVE-2025-12223.md",
    "id": "CVE-2025-12223",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "Bdtask Flight Booking Software 3.0\nBdtask Flight Booking Software 3.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Flight Booking Software",
    "version": "3.0",
    "vendor": "Bdtask",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Bdtask Flight Booking Software Package Information package-information unrestricted upload_CVE-2025-12223