What is the CVSS score of CVE-2025-61548?

CVE-2025-61548 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Print Shop Pro Webdesk are affected by CVE-2025-61548?

Organizations using SQL Injection face critical risk from CVE-2025-61548, a SQL injection vulnerability rated CVSS 9.8.

Is there a public PoC exploit available for CVE-2025-61548?

Yes, a public proof-of-concept exploit is available for CVE-2025-61548. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-61548?

Within 24 hours: Identify all affected systems running the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in and apply vendor patches immediately. Validate that input sanitization is in place for all user-controlled parameters.

Print Shop Pro Webdesk CVE-2025-61548

CRITICAL

SQL Injection (CWE-89)

2026-01-08 cve@mitre.org

SQLi Print Shop Pro Webdesk

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 10, 2026 - 18:16 vuln.today

Public exploit code

CVE Published

Jan 08, 2026 - 17:15 nvd

CRITICAL 9.8

DescriptionCVE.org

SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands

AnalysisAI

Print Shop Pro WebDesk 18.34 has SQL injection in the hfInventoryDistFormID parameter of GetUnitPrice. Combined with CVE-2025-61546 (negative quantities), this endpoint has two critical vulnerabilities. PoC available, fixed in 19.69.

Technical ContextAI

The hfInventoryDistFormID parameter is directly concatenated into SQL queries (CWE-89). This is the same endpoint affected by CVE-2025-61546, indicating a broader lack of input validation.

RemediationAI

Update to version 19.69. Implement parameterized queries.

CVE-2025-61548 vulnerability details – vuln.today

Back

Print Shop Pro Webdesk CVE-2025-61548

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code