PT-2025-44399 · Unknown · Quick.Cart
Published: 2025-10-30 · Updated: 2025-10-30 · CVE-2025-10317
CVSS v4.0: 5.1 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Quick.Cart version 6.7
Quick.Cart (affected versions not specified)
Description
Quick.Cart is susceptible to Cross-Site Request Forgery in the product creation functionality. A malicious actor can create a specially crafted website that, when visited by an administrator, automatically submits a POST request to create a malicious product with content controlled by the attacker. The software lacks protection against this type of attack, and all forms within the application are potentially vulnerable. The vendor was contacted regarding this issue but did not provide details about the vulnerability or affected version range.
Recommendations
Quick.Cart version 6.7 should be updated when a patch becomes available.
For all other affected versions, update when a patch becomes available.
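While no patch is available, forged form submissions can be looked for in the web server's access log, because a request triggered from another site carries that site's Referer or none at all. The following is an added example, not part of the advisory or of Quick.Cart; the host name shop.example, the /admin.php path prefix, the combined log format and the log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumptions (not from the advisory): the shop's own host name(s) and the
# path prefix under which the administration forms are served.
SHOP_HOSTS = {"shop.example"}
ADMIN_PATH_PREFIX = "/admin.php"

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def classify(line):
    """Return a finding dict for a suspicious admin POST, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST":
        return None                      # only state-changing form posts matter
    if not m["path"].startswith(ADMIN_PATH_PREFIX):
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        reason = "missing-referer"       # stripped by the sending page or a proxy
    else:
        # Compare the exact host, so look-alike names do not pass a substring test.
        host = (urlsplit(referer).hostname or "").lower()
        if host in SHOP_HOSTS:
            return None                  # form was submitted from the shop itself
        reason = "cross-site-referer"
    return {"reason": reason, "ip": m["ip"], "time": m["ts"],
            "path": m["path"], "status": m["status"], "referer": referer}

def scan(lines):
    """Classify every log line and keep only the findings."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation addresses and reserved domains).
_FMT = ('198.51.100.20 - - [30/Oct/2025:10:0{n}:00 +0000] '
        '"{req} HTTP/1.1" 200 512 "{ref}" "Mozilla/5.0"')
SAMPLE_LOG = [_FMT.format(n=i, req=req, ref=ref) for i, (req, ref) in enumerate([
    ("POST /admin.php", "https://shop.example/admin.php"),        # legitimate
    ("POST /admin.php", "https://promo.invalid/win.html"),        # foreign page
    ("POST /admin.php", "-"),                                     # no Referer
    ("GET /admin.php", "https://promo.invalid/win.html"),         # not a POST
    ("POST /admin.php", "https://shop.example.promo.invalid/"),   # look-alike host
])]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A missing Referer also occurs with privacy tools and some proxies, so those findings need correlation with administrator sessions before they are treated as forged requests.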
Fix
CSRF
Affected Products
Quick.Cart