Vulnerability Description
A vulnerability was determined in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The affected element is an unknown function of the file /hungry/placeorder of the component Checkout. Executing a manipulation of the argument orggrandTotal/vat/service_charge/grandtotal can lead to business logic errors. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bdtask | Bhojon | <= 2026-01-16 |
Related Weaknesses (CWE)
References
- https://github.com/4m3rr0r/PoCVulDb/issues/13ExploitIssue TrackingMitigation
- https://vuldb.com/?ctiid.343361Permissions RequiredVDB Entry
- https://vuldb.com/?id.343361Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.740740Third Party AdvisoryVDB Entry
- https://www.youtube.com/watch?v=n7xLBAOrKAUExploit
FAQ
What is CVE-2026-1599?
CVE-2026-1599 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability was determined in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The affected element is an unknown function of the file /hungry/placeorder of the component Chec...
How severe is CVE-2026-1599?
CVE-2026-1599 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-1599?
Check the references section above for vendor advisories and patch information. Affected products include: Bdtask Bhojon.