exploitDog

GHSA-82hr-pf96-mj72

Опубликовано: 08 янв. 2026

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands

SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands

Ссылки

EPSS

Процентиль: 30%

0.00111

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2025-61548

CVSS3: 9.8

nvd

30 дней назад

SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands

EPSS

Процентиль: 30%

0.00111

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89