PT-2026-3929 · Unknown · Quick.Cart

Arkadiusz Marta · Published 2026-01-22 · Updated 2026-02-19

CVE-2025-67684

CVSS v4.0: 9.4
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions

Quick.Cart version 6.7
Quick.Cart (affected versions not specified)

Description

Quick.Cart is susceptible to Local File Inclusion and Path Traversal issues within its theme selection process. A user with sufficient privileges can upload arbitrary file content, with validation limited to the filename extension. This allows an attacker to include and execute uploaded PHP code, potentially leading to Remote Code Execution on the server. The vendor was contacted regarding this issue but did not respond or provide details about vulnerable versions. The API endpoint, the vulnerable parameter and the vulnerable function involved in theme selection are not specified.

Recommendations

Update Quick.Cart version 6.7, and any other affected versions, when a fix becomes available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-67684

Affected Products

Quick.Cart