Opensolution

Quick.Cart

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2026-23796

  • EPSS 0.06%
  • Veröffentlicht 05.02.2026 11:07:59
  • Zuletzt bearbeitet 19.02.2026 18:31:45

Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated se...

4.9

CVE-2026-23797

  • EPSS 0.03%
  • Veröffentlicht 05.02.2026 11:07:55
  • Zuletzt bearbeitet 19.02.2026 18:30:15

In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerabilit...

6.1

CVE-2025-67683

  • EPSS 0.01%
  • Veröffentlicht 22.01.2026 12:15:55
  • Zuletzt bearbeitet 19.02.2026 18:33:51

Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, b...

7.2

CVE-2025-67684

  • EPSS 0.56%
  • Veröffentlicht 22.01.2026 12:15:55
  • Zuletzt bearbeitet 19.02.2026 18:33:15

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. This allows an attacker t...

5.1

CVE-2025-10317

  • EPSS 0.04%
  • Veröffentlicht 30.10.2025 11:48:43
  • Zuletzt bearbeitet 30.10.2025 15:03:13

Quick.Cart is vulnerable to Cross-Site Request Forgery in product creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious product with content ...

7.2

CVE-2020-35754

Exploit
  • EPSS 14.46%
  • Veröffentlicht 28.01.2021 20:15:12
  • Zuletzt bearbeitet 21.11.2024 05:28:00

OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab.

5

CVE-2012-6049

  • EPSS 0.28%
  • Veröffentlicht 27.11.2012 04:49:26
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via (1) a long string or (2) invalid characters in a cookie, which reveals the installation path in an error message.

6.8

CVE-2009-4120

Exploit
  • EPSS 0.14%
  • Veröffentlicht 01.12.2009 02:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Cart 3.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete orders via an orders-delete action to admin.php, and possibly (2) delet...

4.3

CVE-2008-4140

Exploit
  • EPSS 0.29%
  • Veröffentlicht 24.09.2008 05:41:38
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query string.