PT-2007-4422 · Opensolution · Quick.Cart
Kacper
·
Publicado
2007-06-08
·
Atualizado
2017-10-11
·
CVE-2007-3139
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Quick.Cart versions 2.2 and earlier
Description:
The issue allows remote attackers to access the application by leveraging a default username and password in the config/general.php file. This can be used to upload and execute arbitrary code via a login action to the "admin.php" endpoint.
Recommendations:
For Quick.Cart versions 2.2 and earlier, change the default username and password in the config/general.php file to prevent unauthorized access. As a temporary workaround, consider restricting access to the "admin.php" endpoint until the issue is resolved.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Quick.Cart