RSS   Vulnerabilities for 'Quick.cart'   RSS

2021-01-28
 
CVE-2020-35754

CWE-74
 

 
OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab.

 
2012-11-26
 
CVE-2012-6049

CWE-200
 

 
Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via (1) a long string or (2) invalid characters in a cookie, which reveals the installation path in an error message.

 
2009-11-30
 
CVE-2009-4120

CWE-352
 

 
Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Cart 3.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete orders via an orders-delete action to admin.php, and possibly (2) delete products or (3) delete pages via unspecified vectors.

 
2008-09-24
 
CVE-2008-4140

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query string.

 

 >>> Vendor: Opensolution 6 Products
Quick.cart
Quick.cms.lite
Quick.car
Quick.cms
Quick cart
Quick cms


Copyright 2024, cxsecurity.com

 

Back to Top