CVE-2025-61548

Published January 8th, 2026

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands

chndlrx/vulnerability-disclosures

Public disclosures of software vulnerabilities discovered and responsibly reported by Chandler Johnson. Includes CVEs, technical writeups, and proof-of-concepts.

GitHub