CVE-2025-61546
📋 TL;DR
This vulnerability in Print Shop Pro WebDesk allows remote attackers to purchase items with negative quantities, creating financial discrepancies by manipulating prices. It affects organizations using edu Business Solutions Print Shop Pro WebDesk version 18.34. The issue stems from insufficient server-side validation of client input.
💻 Affected Systems
- edu Business Solutions Print Shop Pro WebDesk
📦 What is this software?
Print Shop Pro WebDesk by edu Business Solutions
⚠️ Risk & Real-World Impact
Worst Case
Attackers could cause significant financial losses by generating negative charges, refunds, or manipulating inventory values, potentially leading to accounting fraud and revenue loss.
Likely Case
Attackers submit orders with negative quantities so that the computed line total is negative; the attacker is effectively credited instead of charged, creating financial discrepancies.
If Mitigated
With proper server-side validation, all quantity inputs are validated before processing, preventing negative quantity exploitation.
🎯 Exploit Status
Exploitation requires access to the shopping cart functionality but is technically simple once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Unknown
Restart Required: No
Instructions:
No official patch available. Implement server-side validation for quantity inputs in the GetUnitPrice endpoint.
🔧 Temporary Workarounds
Implement Server-Side Validation
Platform: Windows
Add server-side validation to reject negative quantity values in the GetUnitPrice endpoint.
Modify CartV12.aspx.cs to validate quantity > 0 before processing
Web Application Firewall Rule
Platform: All
Block requests with negative quantity parameters to the vulnerable endpoint.
WAF rule: Block if request_uri contains '/GetUnitPrice' and quantity parameter < 0
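The following is an added example, not code from the advisory or from the vendor's CartV12.aspx.cs. It models the server-side check both workarounds above call for: a quantity taken from the client is accepted only if it is a plain positive integer, and it is checked before any price arithmetic. The price table, item names and the `line_total_*` functions are constructed for illustration; the "vulnerable" variant only exists to show how an unchecked `int()` conversion turns a negative quantity into a negative total.

```python
import re
from decimal import Decimal

# Constructed catalogue for the example; a real handler reads prices from its database.
UNIT_PRICES = {"business-cards": Decimal("0.10"), "poster": Decimal("12.50")}

# ASCII digits only: rejects '-3', '+3', ' 3', '3.0', '' and Unicode digit look-alikes.
POSITIVE_INT = re.compile(r"[0-9]+")


class ValidationError(ValueError):
    """Raised when client-supplied input is rejected by the server-side check."""


def parse_quantity(raw: str) -> int:
    """Server-side validation: the quantity must be a positive integer.

    Everything the client sends is untrusted text; validate the text first,
    then convert, then range-check the converted value (must be >= 1).
    """
    if not isinstance(raw, str) or POSITIVE_INT.fullmatch(raw) is None:
        raise ValidationError(f"invalid quantity: {raw!r}")
    qty = int(raw)
    if qty < 1:
        raise ValidationError("quantity must be at least 1")
    return qty


def line_total_vulnerable(item: str, raw_qty: str) -> Decimal:
    """Unchecked behaviour (hypothetical): int() happily accepts '-4',
    so the line total goes negative and the cart credits the buyer."""
    return UNIT_PRICES[item] * int(raw_qty)


def line_total_hardened(item: str, raw_qty: str) -> Decimal:
    """Hardened handler: validate quantity and item before any arithmetic."""
    qty = parse_quantity(raw_qty)
    if item not in UNIT_PRICES:
        raise ValidationError(f"unknown item: {item!r}")
    return UNIT_PRICES[item] * qty


if __name__ == "__main__":
    print("vulnerable, qty -4 :", line_total_vulnerable("poster", "-4"))   # -50.00
    print("hardened,   qty 4  :", line_total_hardened("poster", "4"))      # 50.00
    for bad in ("-4", "0", "+4", "4.0", " 4"):
        try:
            line_total_hardened("poster", bad)
        except ValidationError as exc:
            print("rejected", repr(bad), "->", exc)
```

The check deliberately runs on the raw string rather than on the parsed number, so that sign characters, whitespace and decimal points are refused before conversion; a WAF rule that only matches the literal `quantity=-` misses the URL-encoded form `quantity=%2D4`, which the server-side check above still rejects because decoding happens before validation.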
🧯 If You Can't Patch
- Disable the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint if not essential
- Implement additional monitoring for unusual purchase patterns and negative quantity transactions
🔍 How to Verify
Check if Vulnerable:
Test by sending a POST request to /PSP/appNET/Store/CartV12.aspx/GetUnitPrice with a negative quantity parameter and check if it processes.
Check Version:
Check web interface or configuration files for version 18.34
Verify Fix Applied:
Attempt the same negative quantity request; it should be rejected with proper validation error.
📡 Detection & Monitoring
Log Indicators:
- HTTP POST requests to /PSP/appNET/Store/CartV12.aspx/GetUnitPrice with negative quantity parameters
- Unusual purchase transactions with negative values
Network Indicators:
- POST requests containing 'quantity=-[number]' to the vulnerable endpoint
SIEM Query:
source='web_server' AND uri_path='/PSP/appNET/Store/CartV12.aspx/GetUnitPrice' AND (quantity<0 OR quantity LIKE '%-%')
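As an added example that is not part of the advisory, the detection logic above expressed as a small log scanner: it parses Combined Log Format lines, matches the GetUnitPrice path case-insensitively (ASP.NET paths are not case-sensitive, so a case-sensitive SIEM match can miss requests), URL-decodes the `quantity` parameter and flags any value that is not a positive integer. The log lines are constructed for the example. It assumes the quantity is visible to the logger, either in the query string as shown or in a body-logging field from a proxy or WAF; a plain IIS access log does not record POST bodies, so if the parameter only travels in the body the scanner must be pointed at a source that logs it.

```python
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/PSP/appNET/Store/CartV12.aspx/GetUnitPrice"

# Combined Log Format: client, identd, user, [time], "METHOD target PROTO", status, bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)
POSITIVE_INT = re.compile(r"[0-9]+")

# Constructed sample traffic for the example (documentation IP ranges, fictitious times).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2025:12:00:01 +0000] "POST /PSP/appNET/Store/CartV12.aspx/GetUnitPrice?quantity=3&item=poster HTTP/1.1" 200 512
203.0.113.9 - - [10/Oct/2025:12:00:02 +0000] "POST /PSP/appNET/Store/CartV12.aspx/GetUnitPrice?quantity=-25&item=poster HTTP/1.1" 200 512
203.0.113.9 - - [10/Oct/2025:12:00:03 +0000] "POST /psp/appnet/store/cartv12.aspx/getunitprice?quantity=%2D7&item=flyer HTTP/1.1" 200 512
198.51.100.2 - - [10/Oct/2025:12:00:04 +0000] "GET /PSP/appNET/Store/CartV12.aspx HTTP/1.1" 200 2048
198.51.100.2 - - [10/Oct/2025:12:00:05 +0000] "POST /PSP/appNET/Store/CartV12.aspx/GetUnitPrice?quantity=0&item=poster HTTP/1.1" 400 128
"""


def suspicious_quantity(raw: str) -> bool:
    """True for anything a hardened handler would refuse: negative, zero, non-numeric."""
    return POSITIVE_INT.fullmatch(raw) is None or int(raw) == 0


def scan_access_log(log_text: str) -> list[dict]:
    """Return one record per GetUnitPrice request carrying a suspicious quantity.

    A 2xx status on such a request is the stronger signal: the server accepted
    the value instead of rejecting it.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue                       # not a CLF line; skip rather than crash
        url = urlsplit(m["target"])
        if url.path.lower() != ENDPOINT.lower():
            continue
        # parse_qs URL-decodes, so '%2D7' is seen as '-7' just as the server sees it.
        for raw in parse_qs(url.query).get("quantity", []):
            if suspicious_quantity(raw):
                hits.append({
                    "ip": m["ip"],
                    "time": m["ts"],
                    "quantity": raw,
                    "status": int(m["status"]),
                    "accepted": m["status"].startswith("2"),
                })
    return hits


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

Run against a real log, the `accepted` flag separates blocked probes (4xx) from requests the application processed, which are the ones that should be reconciled against order records for negative totals, the "unusual purchase transactions with negative values" indicator listed above.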