Improper Quantity Validation in ywxbear PHP Bookstore Website Example and PHP Basic BookStore Website
CVE-2025-11594

6.9 MEDIUM

Key Information:

Vendor: Ywxbear
CVE Published: 11 October 2025

Badges

👾 Exploit Exists
🟡 Public PoC

What is CVE-2025-11594?

A vulnerability in the ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website affects input handling in the Quantity Handler component found in /index.php. Because quantities specified by users are improperly validated, an attacker may exploit this flaw remotely. The vulnerability has been publicly disclosed, which makes it available for potential exploitation. The product's continuous delivery model complicates the identification of specific affected versions, underscoring the importance of immediate attention to security practices.

Affected Version(s)

PHP Basic BookStore Website 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4

PHP-Bookstore-Website-Example 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved

Credit

lianhaorui (VulDB User)