CVE-2025-56426

An issue WebKul Bagisto v.2.3.6 allows a remote attacker to execute arbitrary code via the Cart/Checkout API endpoint, specifically, the price calculation logic fails to validate quantity inputs properly.

Published Nov 4, 2025

https://medium.com/@rudranshsinghrajpurohit/cve-2025-56426-cart-price-manipulation-vulnerability-in-bagisto-cms-468b72311969

CVSS ScoreMedium

6.5

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-56426

An issue WebKul Bagisto v.2.3.6 allows a remote attacker to execute arbitrary code via the Cart/Checkout API endpoint, specifically, the price calculation logic fails to validate quantity inputs properly.

Published Nov 4, 2025

https://medium.com/@rudranshsinghrajpurohit/cve-2025-56426-cart-price-manipulation-vulnerability-in-bagisto-cms-468b72311969

CVSS ScoreMedium

6.5


composer	bagisto/bagisto	v2.3.6

Ecosystem	Package	Version


composer	bagisto/bagisto	v2.3.6

Find vulnerabilities. Fix fast with AI.

CVE-2025-56426

CVE-2025-56426