OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language...
7.2CVSS
7.1AI Score
0.128EPSS
Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via (1) a long string or (2) invalid characters in a cookie, which reveals the installation path in an error...
7AI Score
0.003EPSS
Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Cart 3.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete orders via an orders-delete action to admin.php, and possibly (2) delete products or (3) delete pages via unspecified...
8.1AI Score
0.007EPSS
Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query...
5.9AI Score
0.002EPSS
config/general.php in Quick.Cart 2.2 and earlier uses a default username and password, which allows remote attackers to access the application via a login action to admin.php. NOTE: this can be leveraged to upload and execute arbitrary...
8.1AI Score
0.04EPSS
Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in an sLanguage cookie, which is used to define a value in...
7.9AI Score
0.008EPSS
Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has unknown impact and attack vectors, related to a "low critical...
6.8AI Score
0.002EPSS
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include arbitrary files via a .. (dot dot) in the config[db_type] parameter to (1) actions_admin/other.php and (2)...
7.5AI Score
0.01EPSS
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2)...
8.1AI Score
0.016EPSS
Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to inject arbitrary web script or HTML via the sWord...
6.3AI Score
0.01EPSS
SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and therefore can not be vulnerable to SQL...
9.3AI Score
0.002EPSS