52 matches found

OSV
added 2026/02/05 12:16 p.m. | 1 view

CVE-2026-23797

In Quick.Cart, user passwords are stored in plaintext form. An attacker with high privileges can display users' passwords on the user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of the vulnerability or the vulnerable version range. Only version 6.7...

CVSS 4.9 | AI score 5.8 | EPSS 0.00065
Exploits: 0 | References: 2

OSV
added 2026/02/05 12:16 p.m. | 1 view

CVE-2026-23796

Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

CVSS 9.8 | AI score 5.7 | EPSS 0.00065
Exploits: 0 | References: 2

NVD
added 2026/02/05 12:16 p.m. | 2 views

CVE-2026-23796

Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

CVSS 9.8 | EPSS 0.00065
Exploits: 0 | References: 2

NVD
added 2026/02/05 12:16 p.m. | 3 views

CVE-2026-23797

In Quick.Cart, user passwords are stored in plaintext form. An attacker with high privileges can display users' passwords on the user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of the vulnerability or the vulnerable version range. Only version 6.7...

CVSS 6.9 | EPSS 0.00039
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/05 11:7 a.m. | 2 views

CVE-2026-23796

Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

CVSS 4.8 | AI score 5.4 | EPSS 0.00065
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2026/02/05 11:7 a.m. | 6 views

CVE-2026-23796

CVE-2026-23796 concerns a session-fixation vulnerability in Quick.Cart. According to the provided documents, a user’s session identifier can be set before authentication and remains unchanged after login, enabling an attacker to fix a session ID for a victim and potentially hijack the authenticat...

CVSS 9.8 | AI score 5.4 | EPSS 0.00065
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/02/05 11:7 a.m. | 3 views

CVE-2026-23796 Session Fixation in Quick.Cart

Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

CVSS 4.8 | AI score 5.4 | EPSS 0.00065
Exploits: 0 | References: 2

EUVD
added 2026/02/05 11:7 a.m. | 2 views

EUVD-2026-5551

In Quick.Cart, user passwords are stored in plaintext form. An attacker with high privileges can display users' passwords on the user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of the vulnerability or the vulnerable version range. Only version 6.7...

CVSS 6.9 | AI score 5.4 | EPSS 0.00065
Exploits: 0 | References: 2

Vulnrichment
added 2026/02/05 11:7 a.m. | 3 views

CVE-2026-23797 Plaintext password display in Quick.Cart

In Quick.Cart, user passwords are stored in plaintext form. An attacker with high privileges can display users' passwords on the user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of the vulnerability or the vulnerable version range. Only version 6.7...

CVSS 6.9 | AI score 5.4 | EPSS 0.00039
Exploits: 0 | References: 2

CVE
added 2026/02/05 11:7 a.m. | 6 views

CVE-2026-23797

CVE-2026-23797 — Quick.Cart password exposure: The vulnerability in Quick.Cart stores passwords in plaintext, allowing a highly privileged attacker to display user passwords on the user editing page. Red Hat entries corroborate the claim that only version 6.7 has been tested and confirmed vulner...

CVSS 6.9 | AI score 5.4 | EPSS 0.00039
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/02/05 12:0 a.m. | 1 view

PT-2026-6546

Name of the Vulnerable Software and Affected Versions: Quick.Cart version 6.7; Quick.Cart affected versions not specified. Description: A user's session identifier can be set before authentication in Quick.Cart. The session ID remains consistent even after authentication, allowing an attacker to fixa...

CVSS 4.8 | AI score 5.5 | EPSS 0.00065
Exploits: 0 | References: 7

CNNVD
added 2026/02/05 12:0 a.m. | 3 views

OpenSolution Quick.Cart Authorization Issue Vulnerability

OpenSolution Quick.Cart is an online store system developed by the Polish company OpenSolution. Version 6.7 of OpenSolution Quick.Cart contains an authorization vulnerability. This vulnerability stems from the fact that session identifiers can be set before authentication and remain unchanged...

CVSS 9.8 | AI score 5.8 | EPSS 0.00065
Exploits: 0 | References: 2

CNNVD
added 2026/02/05 12:0 a.m. | 2 views

OpenSolution Quick.Cart Security Vulnerability

OpenSolution Quick.Cart is an online store system developed by the Polish company OpenSolution. Version 6.7 of OpenSolution Quick.Cart contains a security vulnerability, which stems from storing user passwords in plaintext. This vulnerability could allow privileged attackers to access user...

CVSS 9.8 | AI score 5.8 | EPSS 0.00065
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/23 3:21 p.m. | 3 views

CVE-2025-67684

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. This allows an attacker to include and execute uploaded PHP code,...

CVSS 9.4 | AI score 6.1 | EPSS 0.00207
Exploits: 0 | References: 1

NVD
added 2026/01/22 12:15 p.m. | 5 views

CVE-2025-67683

Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVSS 6.1 | EPSS 0.00019
Exploits: 0 | References: 2

OSV
added 2026/01/22 12:15 p.m. | 1 view

CVE-2025-67684

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. This allows an attacker to include and execute uploaded PHP code,...

CVSS 7.2 | AI score 6 | EPSS 0.00207
Exploits: 0 | References: 2

NVD
added 2026/01/22 12:15 p.m. | 2 views

CVE-2025-67684

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. This allows an attacker to include and execute uploaded PHP code,...

CVSS 9.4 | EPSS 0.00207
Exploits: 0 | References: 2

OSV
added 2026/01/22 12:15 p.m. | 0 views

CVE-2025-67683

Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVSS 6.1 | AI score 6 | EPSS 0.00019
Exploits: 0 | References: 2

Vulnrichment
added 2026/01/22 11:57 a.m. | 3 views

CVE-2025-67684 Remote Code Execution via Local File Inclusion in Quick.Cart

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. This allows an attacker to include and execute uploaded PHP code,...

CVSS 9.4 | AI score 6.2 | EPSS 0.00207
Exploits: 0 | References: 2

EUVD
added 2026/01/22 11:57 a.m. | 2 views

EUVD-2026-4160

Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVSS 5.1 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 3