This page aggregates publicly disclosed CVE and security risk information related to open_solution, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2007-3139 | config/general.php in Quick.Cart 2.2 and earlier uses a default username and password, which allows remote attackers to access the application via a login action to admin.php. NOTE: this can be leveraged to upload and execute arbitrary code. | [email protected] | 6.8 | 17.80% | 2007-06-08 | 2026-04-23 |
| CVE-2007-3138 | Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in an sLanguage cookie, which is used to define a value in config/general.php. | [email protected] | 7.5 | 12.76% | 2007-06-08 | 2026-04-23 |
| CVE-2007-1407 | Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has unknown impact and attack vectors, related to a "low critical exploit." | [email protected] | 7.5 | 0.39% | 2007-03-10 | 2026-04-23 |
| CVE-2006-6391 | Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include arbitrary files via a .. (dot dot) in the config[db_type] parameter to (1) actions_admin/other.php and (2) actions_client/gallery.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | [email protected] | 6.8 | 2.71% | 2006-12-08 | 2026-04-23 |
| CVE-2006-6390 | Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/; and (5) orders.php and (6) products.php in actions_client/; as demonstrated by injecting PHP sequences into an Apache HTTP Server log file | [email protected] | 6.8 | 7.01% | 2006-12-08 | 2026-04-23 |
| CVE-2005-1587 | Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to inject arbitrary web script or HTML via the sWord parameter. | [email protected] | 4.3 | 0.53% | 2005-05-14 | 2026-04-16 |
| CVE-2005-1586 | Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files. | [email protected] | 5.0 | 0.50% | 2005-05-14 | 2026-04-16 |
| CVE-2005-1584 | Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action. | [email protected] | 4.3 | 0.44% | 2005-05-14 | 2026-04-16 |
| CVE-2005-1588 | SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and therefore can not be vulnerable to SQL injection | [email protected] | 7.5 | 0.72% | 2005-05-11 | 2026-04-16 |
| CVE-2005-1585 | Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) iCategory or (2) page parameter to index.php, or (3) iCategory parameter in the query string to the forum directory. | [email protected] | 7.5 | 0.58% | 2005-05-11 | 2026-04-16 |