Описание
There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 that enables remote attacker to create financial discrepancies by purchasing items with a negative quantity. This vulnerability is possible due to reliance on client-side input validation controls.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:edubusinesssolutions:print_shop_pro_webdesk:18.34:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00044
Низкий
9.1 Critical
CVSS3
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 9.1
github
30 дней назад
There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 that enables remote attacker to create financial discrepancies by purchasing items with a negative quantity. This vulnerability is possible due to reliance on client-side input validation controls.
EPSS
Процентиль: 13%
0.00044
Низкий
9.1 Critical
CVSS3
Дефекты
CWE-20