CVE-2025-61546

Published January 8th, 2026

View on NVD ↗

CVSS v3

9.1

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69) that enables remote attacker to create financial discrepancies by purchasing items with a negative quantity. This vulnerability is possible due to reliance on client-side input validation controls.

chndlrx/vulnerability-disclosures

Public disclosures of software vulnerabilities discovered and responsibly reported by Chandler Johnson. Includes CVEs, technical writeups, and proof-of-concepts.

GitHub