config/general.php in Quick.Cart 2.2 and previous versions uses a default username and password, which allows remote malicious users to access the application via a login action to admin.php. NOTE: this can be leveraged to upload and execute arbitrary code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
open solution quick.cart |