A
security vulnerability has been detected in Bdtask Wholesale Inventory Control and Inventory Management System up to 20251013. This impacts an unknown function of the file /Admin_dashboard/edit_profile. Such manipulation of the argument first_name/last_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| Link | Resource |
|---|---|
| https://github.com/4m3rr0r/PoCVulDb/blob/main/CVE-2025-12287.md | Exploit Third Party Advisory |
| https://vuldb.com/?ctiid.329955 | Permissions Required VDB Entry |
| https://vuldb.com/?id.329955 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.674274 | Third Party Advisory VDB Entry |
Configurations
History
24 Nov 2025, 12:07
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Bdtask wholesale
Bdtask |
|
| CPE | cpe:2.3:a:bdtask:wholesale:*:*:*:*:*:*:*:* | |
| References | () https://github.com/4m3rr0r/PoCVulDb/blob/main/CVE-2025-12287.md - Exploit, Third Party Advisory | |
| References | () https://vuldb.com/?ctiid.329955 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.329955 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.674274 - Third Party Advisory, VDB Entry |
27 Oct 2025, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-10-27 15:15
Updated : 2025-11-24 12:07
NVD link : CVE-2025-12287
Mitre link : CVE-2025-12287
CVE.ORG link : CVE-2025-12287
JSON object : View