CVE-2025-61548
CRITICAL
edu Business Solutions Print Shop Pro WebDesk <19.69 - SQL Injection
Title source: llm
Description
SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands.
References (1)
Core References
Exploit, Third Party Advisory
https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61548
Scores
CVSS v3: 9.8
EPSS: 0.0014
EPSS Percentile: 34.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
CWE: CWE-89
Status: published
Products (1)
edubusinesssolutions/print_shop_pro_webdesk 18.34
Published: Jan 08, 2026
Tracked Since: Feb 18, 2026