CNNVD-202510-1337 Information

CNNVD ID

CNNVD-202510-1337

CVE-2025-56426

  • CNNVD Published: 2025-10-09

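Description (translated from Chinese)

Webkul Software Bagisto is an open-source e-commerce framework from Webkul Software, an Indian company. Webkul Software Bagisto version 2.3.6 contains a security vulnerability. It stems from the price calculation logic in the Cart/Checkout API endpoints not correctly validating quantity input, which may lead to arbitrary code execution.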

Description (English)

Webkul Software Bagisto is an open-source e-commerce framework developed by Webkul Software, an Indian company. Version 2.3.6 of Webkul Software Bagisto contains a security vulnerability: the price calculation logic of the Cart/Checkout API endpoint does not correctly validate quantity input, which may result in arbitrary code execution.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Webkul Software

Published

2025-10-09

Last Modified

2026-02-24

References

https://medium.com/@rudranshsinghrajpurohit/cve-2025-56426-cart-price-manipulation-vulnerability-in-bagisto-cms-468b72311969
