9.8 / 10
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
A SQL injection vulnerability exists in the hfInventoryDistFormID parameter of the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping, which allows remote attackers to execute arbitrary SQL commands.
AI Analysis
SQL Injection vulnerability in Print Shop Pro WebDesk due to unsanitized user input in SQL queries
Basic Information
ID
CVE-2025-61548
Source
mitre
Published
Jan 8, 2026 at 00:00
Modified
Jan 8, 2026 at 19:44
Affected Product
Vendor
edu Business Solutions
Product
Print Shop Pro WebDesk
Version
18.34
Affected Versions
n/a n/a n/a
CWE Classification
AI Assessment
AI Score
9.8 / 10
AI Severity
Critical