CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-56426

An issue WebKul Bagisto v.2.3.6 allows a remote attacker to execute arbitrary code via the Cart/Checkout API endpoint, specifically, the price calculation logic fails to validate quantity inputs properly.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 33.5%

CVSS Severity

CVSS v3 Score 6.5

References

https://medium.com/@rudranshsinghrajpurohit/cve-2025-56426-cart-price-manipulation-vulnerability-in-bagisto-cms-468b72311969

Products affected by CVE-2025-56426

Webkul » Bagisto » Version: 2.3.6

cpe:2.3:a:webkul:bagisto:2.3.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-56426

Products

Pricing

Contact Us