Unrated severityNVD Advisory· Published Jan 8, 2026· Updated Feb 10, 2026
CVE-2025-61548
CVE-2025-61548
Description
SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: = 18.34
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.