CVE-2026-26725

Critical CVSS: 9.8

An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to escalate privileges via the AccessID parameter.

Vendor

Product

CWE

Yayın Tarihi

2026-02-20 17:25:55

Güncelleme

2026-02-26 21:32:14

Source Identifier

cve@mitre.org

KEV Date Added

CWE-269 Print Shop Pro Webdesk CRITICAL Edubusinesssolutions 2026

https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2026-26725

Critical

CVE-2025-61546

There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro W…

Medium

CVE-2025-61547

Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 1…

Critical

CVE-2025-61548

SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpo…

Medium

CVE-2025-61549

Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/reg_display.asp endpoint in edu B…

Medium

CVE-2025-61550

Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/Temp…