Unrated severityNVD Advisory· Published Jan 8, 2026· Updated Feb 10, 2026

CVE-2025-61548

Description

SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands

Affected products

edu Business Solutions/Print Shop Pro WebDeskdescription
edu Business Solutions/Print Shop Pro WebDeskllm-fuzzy
Range: = 18.34

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61548mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000