# CVE-2025-61546: Print Shop Pro WebDesk Business Logic Flaw

## Information

- **Summary**: Client-side input validation bypass enables negative quantity purchases.
- **Vendor**: edu Business Solutions
- **Product**: Print Shop Pro WebDesk
- **Affected Asset**: https:///PSP/appNET/Store/CartV12.aspx/GetUnitPrice
- **Version Vulnerable**: 18.34
- **Version Fixed**: N/A
- **Researcher**: Chandler Johnson
- **NIST CVE Link**:

## Description

There is an issue on the `/PSP/appNET/Store/CartV12.aspx/GetUnitPrice` endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 that enables remote attackers to create financial discrepancies by purchasing items with a negative quantity. This vulnerability is possible due to reliance on client-side input validation controls.

## CVSS Vulnerability Scoring Calculator (3.1)

- **AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N**
- **CVSS Base Score**: 3.7 (Low)

## Impact

- Purchasing negative quantity to create financial discrepancies.

## Steps to Reproduce

### Client-Side Validation

1. Validate the Print Shop Pro WebDesk version in the source code on `/PSP/app/PSB_Start.asp`.
2. Authenticate into Print Shop Pro WebDesk.
3. Navigate to New Order > Store Orders.
4. Select an item and click Add to Cart.
5. Set the Qty to a negative value. Observe the client-side error message.

### Initial Client-Side Validation Bypass to View Cart

6. Use a web proxy tool that can intercept requests, such as Burp Suite.
7. Submit a valid Qty such as 2 and press Enter.
8. Catch the HTTP request in the web proxy before it is sent and set the `txtQty` parameter to -99.

```http
POST /PSP/appNET/Store/CartV12.aspx/GetUnitPrice HTTP/2
Host:
Content-Type: application/json; charset=UTF-8

{
  "hfInventoryDistFormID":,
  "txtQty":-99,
  "markUpPercent":0,
  "sipId":[SNIP],
  "markedUpPrice":5,
  "hfgLOGINID":""
}
```

9. Forward the next HTTP request without any modifications.

```http
POST /PSP/appNET/Store/CartV12.aspx?CurrentItem=[SNIP]&StoreOrderID=0&CatID=-1
```

10. Stop intercepting web traffic. Click View Cart in the browser. Observe that the negative quantity has been added but client-side validation controls prevent checkout. Once again, the error is displayed.

### Client-Side Validation Bypass to Complete Order

11. Repeat the request interception and set a negative quantity, but after the flow do not click View Cart. Instead, complete the order.

## Additional Information

Attackers exploit business logic flaws by using applications in unintended ways. This often involves manipulating sensitive input parameters, such as product quantities in shopping carts or order forms, which are not properly validated against the application's intended rules and are then processed as legitimate by the server.

## Recommendations

- Implement robust server-side validation to ensure product quantities and other input parameters align with intended business logic and cannot be manipulated.
- Enforce integrity checks on transaction data, such as verifying total quantity against expected values before processing orders.
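
The server-side checks from the Recommendations, shown as an added Python example that is not code from the advisory or the vendor: the quantity is validated when an item is added and again at checkout, so the complete-order path from step 11 is covered as well as the View Cart path. `CATALOGUE`, `MAX_QTY`, `OrderRejected` and the function names are assumptions made for illustration.

```python
from decimal import Decimal

MAX_QTY = 10_000  # assumed per-line business limit

# Constructed server-side catalogue: item id -> unit price
CATALOGUE = {101: Decimal("5.00"), 102: Decimal("12.50")}


class OrderRejected(ValueError):
    """Raised when an order line violates a business rule."""


def parse_quantity(raw):
    """Accept only a whole number in 1..MAX_QTY; never coerce or clamp."""
    # bool is a subclass of int, and JSON floats such as -99.0 must not pass
    if isinstance(raw, bool) or not isinstance(raw, int):
        raise OrderRejected(f"quantity must be an integer, got {raw!r}")
    if not 1 <= raw <= MAX_QTY:
        raise OrderRejected(f"quantity {raw} outside 1..{MAX_QTY}")
    return raw


def add_to_cart(cart, item_id, raw_qty):
    """Handler-side check for the add-to-cart request."""
    if item_id not in CATALOGUE:
        raise OrderRejected(f"unknown item {item_id!r}")
    qty = parse_quantity(raw_qty)
    # The merged line total must stay in range as well
    cart[item_id] = parse_quantity(cart.get(item_id, 0) + qty)
    return cart


def checkout(cart):
    """Re-validate every stored line, then price the order from server data."""
    if not cart:
        raise OrderRejected("cart is empty")
    total = Decimal("0")
    for item_id, qty in cart.items():
        if item_id not in CATALOGUE:
            raise OrderRejected(f"unknown item {item_id!r}")
        total += CATALOGUE[item_id] * parse_quantity(qty)
    if total <= 0:
        raise OrderRejected("order total must be positive")
    return total
```

Rejecting the request outright, rather than clamping the value to 1, keeps a tampered request from turning into a valid order the user never asked for.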