ГлавнаяУязвимости → CVE-2025-61548
9.8критическая

CVE-2025-61548

Описание

SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands

Затрагиваемое ПО
Edubusinesssolutions Print shop pro webdesk
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61548https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61548