exploitDog

CVE-2025-61548

Опубликовано: 08 янв. 2026

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands

Ссылки

EPSS

Процентиль: 23%

0.00074

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-82hr-pf96-mj72

CVSS3: 9.8

github

30 дней назад

SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands

EPSS

Процентиль: 23%

0.00074

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89