CVE-2025-11594
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-11

Last updated on: 2025-10-14

Assigner: VulDB

Description
A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Such manipulation leads to improper validation of specified quantity in input. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-11
Last Modified
2025-10-14
Generated
2026-06-16
AI Q&A
2025-10-11
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11594
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ywxbear php-bookstore-website-example *
ywxbear php-basic-bookstore-website *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1284 The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
CWE-703 The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website, specifically in the /index.php file's Quantity Handler component. The issue is improper validation of the quantity input field, which allows users to input negative numbers. This manipulation causes the total product price calculation to become negative, potentially enabling attackers to exploit the payment logic for unauthorized benefits. The vulnerability can be exploited remotely without authentication. [1, 3]

Impact Analysis

The vulnerability can impact you by allowing attackers to manipulate the quantity input to negative values, which in turn causes the total price calculation to be negative. This can be exploited to bypass payment requirements or gain unauthorized financial benefits, leading to potential financial loss or fraud. Since the exploit is publicly available and can be launched remotely without authentication, it poses a moderate security risk. [1, 3]

Detection Guidance

This vulnerability can be detected by identifying instances of the vulnerable PHP-Bookstore-Website-Example or PHP Basic BookStore Website that accept quantity input without proper validation in the /index.php file. One detection method is to search for URLs containing 'index.php' on your network or system that might be running this software. Using Google Hacking techniques such as 'inurl:index.php' can help find vulnerable targets. Additionally, testing the quantity input field by sending requests with negative or invalid quantity values and observing if the system improperly accepts them can confirm the vulnerability. For example, you can use curl commands to send such requests: curl -X POST -d "quantity=-1" http://target-site/index.php and check if the response or behavior indicates acceptance of invalid quantities. [3, 1]

Mitigation Strategies

Currently, no known countermeasures or mitigations are available for this vulnerability. The advisory suggests replacing the affected product with an alternative. Immediate steps include disabling or restricting access to the vulnerable application if possible, monitoring for exploitation attempts, and applying strict input validation on the quantity parameter if you have the capability to modify the source code. Until a patch or update is available, consider using alternative software that does not have this vulnerability. [3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11594. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart