Beniamin Jabłoński

**Name of the Vulnerable Software and Affected Versions** Quick.Cart version 6.7 Quick.Cart (affected versions not specified) **Description** A user's session identifier can be set before authentication in Quick.Cart. The session ID remains consistent even after authentication, allowing an attacker to fixate a session ID for a victim and subsequently hijack the authenticated session. The vendor was notified of this issue but did not provide details regarding vulnerable version ranges. **Recommendations** Apply a fix for Quick.Cart version 6.7. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Quick.Cart version 6.7 Quick.Cart (affected versions not specified) **Description** User passwords are stored in plaintext. An attacker with high privileges can view user passwords on the user editing page. The vendor was notified of this issue but did not provide details regarding vulnerable versions. **Recommendations** Update to a newer version that contains a fix for this vulnerability.