Description

An issue in WebKul Bagisto v.2.3.6 allows a remote attacker to execute arbitrary code via the Cart/Checkout API endpoint. Specifically, the price calculation logic fails to validate quantity inputs properly.

PUBLISHED Reserved 2025-08-17 | Published 2025-10-09 | Updated 2025-10-09 | Assigner mitre

References

medium.com/...tion-vulnerability-in-bagisto-cms-468b72311969

cve.org (CVE-2025-56426)

nvd.nist.gov (CVE-2025-56426)
