CVE-2009-4120

Name of the Vulnerable Software and Affected Versions Quick.Cart version 3.4

Description The issue allows remote attackers to hijack the authentication of the administrator for requests. This can be done via an orders-delete action to "admin.php" for deleting orders. Additionally, it may be possible to delete products or pages via unspecified vectors.

Recommendations For Quick.Cart version 3.4, consider restricting access to the "admin.php" endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the orders-delete action until a patch is available. Restrict access to delete products and pages functionality to authorized personnel only.