{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-11594", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-10-10T12:28:53.584Z", "datePublished": "2025-10-11T09:02:05.497Z", "dateUpdated": "2025-10-14T14:09:17.291Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-10-11T09:02:05.497Z"}, "title": "ywxbear PHP-Bookstore-Website-Example Quantity index.php improper validation of specified quantity in input", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-1284", "lang": "en", "description": "Improper Validation of Specified Quantity in Input"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-703", "lang": "en", "description": "Improper Check or Handling of Exceptional Conditions"}]}], "affected": [{"vendor": "ywxbear", "product": "PHP-Bookstore-Website-Example", "versions": [{"version": "0e0b9f542f7a2d90a8d7f8c83caca69294e234e4", "status": "affected"}], "modules": ["Quantity Handler"]}, {"vendor": "ywxbear", "product": "PHP Basic BookStore Website", "versions": [{"version": "0e0b9f542f7a2d90a8d7f8c83caca69294e234e4", "status": "affected"}], "modules": ["Quantity Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Such manipulation leads to improper validation of specified quantity in input. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases."}, {"lang": "de", "value": "In ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4 ist eine Schwachstelle entdeckt worden. Betroffen hiervon ist ein unbekannter Ablauf der Datei /index.php der Komponente Quantity Handler. Durch das Manipulieren mit unbekannten Daten kann eine improper validation of specified quantity in input-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Bei diesem Produkt handelt es sich um ein Rolling Release, das eine fortlaufende Bereitstellung erm\u00f6glicht. Aus diesem Grund stehen keine Versionsinformationen zu betroffenen oder aktualisierten Versionen zur Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-10-10T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-10-10T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-10-10T14:33:59.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "lianhaorui (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.327915", "name": "VDB-327915 | ywxbear PHP-Bookstore-Website-Example Quantity index.php improper validation of specified quantity in input", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.327915", "name": "VDB-327915 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.671737", "name": "Submit #671737 | PHP-Bookstore-Website-Example web 1 Business Logic Errors", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Lianhaorui/Report/blob/main/Payment%20Logic%20Vulnerability.docx", "tags": ["exploit"]}]}, "adp": [{"references": [{"url": "https://github.com/Lianhaorui/Report/blob/main/Payment%20Logic%20Vulnerability.docx", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-14T13:25:09.783228Z", "id": "CVE-2025-11594", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T14:09:17.291Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11594", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-14T13:25:09.783228Z"}}}], "references": [{"url": "https://github.com/Lianhaorui/Report/blob/main/Payment%20Logic%20Vulnerability.docx", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T13:25:49.052Z"}}], "cna": {"title": "ywxbear PHP-Bookstore-Website-Example Quantity index.php improper validation of specified quantity in input", "credits": [{"lang": "en", "type": "reporter", "value": "lianhaorui (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "ywxbear", "modules": ["Quantity Handler"], "product": "PHP-Bookstore-Website-Example", "versions": [{"status": "affected", "version": "0e0b9f542f7a2d90a8d7f8c83caca69294e234e4"}]}, {"vendor": "ywxbear", "modules": ["Quantity Handler"], "product": "PHP Basic BookStore Website", "versions": [{"status": "affected", "version": "0e0b9f542f7a2d90a8d7f8c83caca69294e234e4"}]}], "timeline": [{"lang": "en", "time": "2025-10-10T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-10-10T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-10-10T14:33:59.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.327915", "name": "VDB-327915 | ywxbear PHP-Bookstore-Website-Example Quantity index.php improper validation of specified quantity in input", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.327915", "name": "VDB-327915 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.671737", "name": "Submit #671737 | PHP-Bookstore-Website-Example web 1 Business Logic Errors", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Lianhaorui/Report/blob/main/Payment%20Logic%20Vulnerability.docx", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Such manipulation leads to improper validation of specified quantity in input. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases."}, {"lang": "de", "value": "In ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4 ist eine Schwachstelle entdeckt worden. Betroffen hiervon ist ein unbekannter Ablauf der Datei /index.php der Komponente Quantity Handler. Durch das Manipulieren mit unbekannten Daten kann eine improper validation of specified quantity in input-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Bei diesem Produkt handelt es sich um ein Rolling Release, das eine fortlaufende Bereitstellung erm\u00f6glicht. Aus diesem Grund stehen keine Versionsinformationen zu betroffenen oder aktualisierten Versionen zur Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1284", "description": "Improper Validation of Specified Quantity in Input"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-703", "description": "Improper Check or Handling of Exceptional Conditions"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-10-11T09:02:05.497Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11594", "state": "PUBLISHED", "dateUpdated": "2025-10-14T14:09:17.291Z", "dateReserved": "2025-10-10T12:28:53.584Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-10-11T09:02:05.497Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Such manipulation leads to improper validation of specified quantity in input. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases."}], "id": "CVE-2025-11594", "lastModified": "2025-10-14T19:36:59.730", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-10-11T09:15:32.873", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/Lianhaorui/Report/blob/main/Payment%20Logic%20Vulnerability.docx"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.327915"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.327915"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.671737"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/Lianhaorui/Report/blob/main/Payment%20Logic%20Vulnerability.docx"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-703"}, {"lang": "en", "value": "CWE-1284"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}