Open Solution Quick.Cart vulnerabilities
7 known vulnerabilities affecting open_solution/quick.cart.
Total CVEs: 7
CISA KEV: 0
Public exploits: 5
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 4
Vulnerabilities
CVE-2007-3139 | P3 | MEDIUM | CVSS 6.8 | PoC | ≤ 2.2 | 2007-06-08
config/general.php in Quick.Cart 2.2 and earlier uses a default username and password, which allows remote attackers to access the application via a login action to admin.php. NOTE: this can be leveraged to upload and execute arbitrary code.
nvd
CVE-2007-3138 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 2.2 | 2007-06-08
Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in an sLanguage cookie, which is used to define a value in config/general.php.
nvd
CVE-2006-6390 | P3 | MEDIUM | CVSS 6.8 | PoC | v2.0 | 2006-12-08
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/;
nvd
CVE-2006-6391 | P4 | MEDIUM | CVSS 6.8 | PoC | v2.0 | 2006-12-08
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include arbitrary files via a .. (dot dot) in the config[db_type] parameter to (1) actions_admin/other.php and (2) actions_client/gallery.php. NOTE: The provenance of this information is unkn
nvd
CVE-2005-1587 | P4 | MEDIUM | CVSS 4.3 | PoC | v0.3.0 | 2005-05-14
Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to inject arbitrary web script or HTML via the sWord parameter.
nvd
CVE-2005-1588 | P4 | HIGH | CVSS 7.5 | v0.3 | 2005-05-11
SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and therefore can not be vulnerable to SQL injection
nvd
CVE-2007-1407 | P4 | HIGH | CVSS 7.5 | ≤ 2.0 | 2007-03-10
Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has unknown impact and attack vectors, related to a "low critical exploit."
nvd