CVE-2025-11594

MEDIUM

ywxbear PHP-Bookstore-Website-Example <0e0b9f542f7a2d90a8d7f8c83cac...

Title source: llm

Description

A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Such manipulation leads to improper validation of specified quantity in input. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

References (4)

Core 4

Core References

Permissions Required, VDB Entry vdb-entry

https://vuldb.com/?id.327915

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.327915

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.671737

Various Sources exploit

https://github.com/Lianhaorui/Report/blob/main/Payment%20Logic%20Vulnerability.docx

View Writeup ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.0034

EPSS Percentile 25.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-1284 CWE-703

Status published

Products (2)

ywxbear/PHP Basic BookStore Website 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4

ywxbear/PHP-Bookstore-Website-Example 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4

Published Oct 11, 2025

Tracked Since Feb 18, 2026