Description
A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected is an unknown function of the component Administrative Interface. Such manipulation leads to execution after redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-02-26
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Execution
Action: Patch Immediately
AI Analysis

Impact

A vulnerability exists in go2ismail’s Asp.Net-Core-Inventory-Order-Management-System up to version 9.20250118 within an unspecified administrative interface function. By manipulating a client‑side redirect, an attacker can cause the application to execute code after the redirect, effectively enabling remote execution of unauthorized instructions. This weakness is classified under CWE‑698 and CWE‑705, indicating that application‑specific permissions and unsafe redirect handling are the root causes.

Affected Systems

The affected software is go2ismail’s Asp.Net-Core-Inventory-Order-Management-System, versions prior to and including 9.20250118. No other vendors or versions are listed.

Risk and Exploitability

The CVSS base score is 5.3, placing the flaw in the moderate range. The current EPSS score is below 1 %, suggesting that exploitation attempts are expected to be rare, yet the vulnerability is publicly disclosed and could be leveraged remotely. Because the flaw operates in the administrative interface, an attacker only needs to reach that portion of the application, possibly by supplying a crafted request that triggers an unsafe redirect. The flaw is not listed in the CISA KEV catalog, but the lack of a published patch means the risk persists until a fix is applied.

Generated by OpenCVE AI on April 17, 2026 at 14:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available vendor patch that raises the system version beyond 9.20250118 to address the redirect flaw.
  • Until a patch is available, modify the application configuration or code to disable or safely validate the administrative redirect, ensuring only whitelisted URLs are accepted.
  • Restrict administrative interface access to trusted IP ranges by using firewall rules or reverse‑proxy authentication, reducing the surface for remote exploitation.
  • Enable detailed logging of redirect events and periodically audit logs for suspicious activity to detect potential attacks early.

Generated by OpenCVE AI on April 17, 2026 at 14:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 03 Mar 2026 00:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:go2ismail:asp.net-core-inventory-order-management-system:*:*:*:*:*:*:*:*

Fri, 27 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Feb 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Go2ismail
Go2ismail asp.net-core-inventory-order-management-system
Vendors & Products Go2ismail
Go2ismail asp.net-core-inventory-order-management-system

Thu, 26 Feb 2026 21:30:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected is an unknown function of the component Administrative Interface. Such manipulation leads to execution after redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title go2ismail Asp.Net-Core-Inventory-Order-Management-System Administrative redirect
Weaknesses CWE-698
CWE-705
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Go2ismail Asp.net-core-inventory-order-management-system
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-27T15:15:41.931Z

Reserved: 2026-02-26T14:39:11.322Z

Link: CVE-2026-3262

cve-icon Vulnrichment

Updated: 2026-02-27T15:15:37.018Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-26T22:20:51.980

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-3262

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T14:30:20Z

Weaknesses