Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open solution quick.cart vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2007-3138
Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and previous versions allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in an sLanguage cookie, which is used to define a value in config/general.php.
Open Solution Quick.cart
1 EDB exploit
6.8
CVSSv2
CVE-2007-3139
config/general.php in Quick.Cart 2.2 and previous versions uses a default username and password, which allows remote malicious users to access the application via a login action to admin.php. NOTE: this can be leveraged to upload and execute arbitrary code.
Open Solution Quick.cart
1 EDB exploit
7.5
CVSSv2
CVE-2007-1407
Unspecified vulnerability in OpenSolution Quick.Cart prior to 2.1 has unknown impact and attack vectors, related to a "low critical exploit."
Open Solution Quick.cart
4.3
CVSSv2
CVE-2005-1587
Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0.3.0 allows remote malicious users to inject arbitrary web script or HTML via the sWord parameter.
Open Solution Quick.cart 0.3.0
1 EDB exploit
6.8
CVSSv2
CVE-2006-6390
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) ca...
Open Solution Quick.cart 2.0
1 EDB exploit
6.8
CVSSv2
CVE-2006-6391
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote malicious users to include arbitrary files via a .. (dot dot) in the config[db_type] parameter to (1) actions_admin/other....
Open Solution Quick.cart 2.0
1 EDB exploit
7.5
CVSSv2
CVE-2005-1588
SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote malicious users to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and therefore can not be vul...
Open Solution Quick.cart 0.3
5
CVSSv2
CVE-2012-6049
Open Solution Quick.Cart 5.0 allows remote malicious users to obtain sensitive information via (1) a long string or (2) invalid characters in a cookie, which reveals the installation path in an error message.
Opensolution Quick.cart 5.0
4.3
CVSSv2
CVE-2012-6430
Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE...
Opensolution Quick Cms 5.0
Opensolution Quick Cart 6.0
1 EDB exploit
6.8
CVSSv2
CVE-2007-0258
Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2.0 and (2) Open Solution Quick.Cart 2.0 allows remote malicious users to inject arbitrary web script or HTML via the p parameter. NOTE: some of these details are obtained from third party information.
Fastilo Fastilo 2.0
Opensolution Quick.car 2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started