CVE-2025-61546

Critical CVSS: 9.1

There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69) that enables remote attacker to create financial discrepancies by purchasing items with a negative quantity. This vulnerability is possible due to reliance on client-side input validation controls.

Vendor

Edubusinesssolutions

Product

Print Shop Pro Webdesk

CWE

CWE-20

Yayın Tarihi

2026-01-08 17:15:48

Güncelleme

2026-02-10 18:16:19

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-20 Print Shop Pro Webdesk CRITICAL Edubusinesssolutions 2026

Referanslar

https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61546

Benzer Kayıtlar

Critical

CVE-2026-26725

An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to escalate privileges via th…

Medium

CVE-2025-61547

Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 1…

Critical

CVE-2025-61548

SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpo…

Medium

CVE-2025-61549

Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/reg_display.asp endpoint in edu B…

Medium

CVE-2025-61550

Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/Temp…