CVE-2025-12222
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-27

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in Bdtask Flight Booking Software up to 3.1. Affected by this issue is some unknown functionality of the file /admin/transaction/deposit of the component Deposit Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-27
Last Modified
2026-04-29
Generated
2026-05-06
AI Q&A
2025-10-27
EPSS Evaluated
2026-05-05
NVD
CVE-2025-12222
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
bdtask flight_booking_software to 3.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an unrestricted file upload flaw in Bdtask Flight Booking Software up to version 3.1, specifically in the Deposit Handler component at /admin/transaction/deposit. It allows attackers to upload malicious files, such as PHP web shells, without proper validation of file types. This can be exploited remotely and without authentication, enabling attackers to execute arbitrary commands on the server and compromise the system. [2, 3]


How can this vulnerability impact me? :

The vulnerability can lead to a full compromise of the affected system by allowing attackers to upload and execute malicious scripts remotely. This impacts the confidentiality, integrity, and availability of the system, potentially resulting in unauthorized access, data breaches, and disruption of services. [2, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for unauthorized or suspicious file uploads to the /admin/transaction/deposit endpoint of the Bdtask Flight Booking Software. Since the vulnerability allows unrestricted upload of potentially malicious files such as PHP web shells, scanning the upload directory for unexpected or executable files is recommended. Network monitoring tools can be used to detect HTTP POST requests to the vulnerable endpoint. Specific commands are not provided in the resources, but general approaches include using web server logs to identify POST requests to /admin/transaction/deposit and scanning the upload directories for suspicious files. [2, 3]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include disabling or restricting the file upload functionality at /admin/transaction/deposit if possible, monitoring and removing any suspicious uploaded files, and restricting access to the affected component to trusted users only. Since no official patch or vendor response is available, it is suggested to consider replacing the affected software with an alternative product. Additionally, implementing network-level protections such as web application firewalls to block malicious upload attempts can help reduce risk. [3, 2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart