CVE-2020-35754
N/A
N/A
Summary
OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://opensolution.org/cms-system-quick-cms.html
- https://opensolution.org/security-fix-for-cart-and-cms%21-en-1136.html
- https://secator.pl/index.php/2021/01/28/cve-2020-35754-authenticated-rce-in-quick-cms-and-quick-cart/
- http://packetstormsecurity.com/files/161189/Quick.CMS-6.7-Remote-Code-Execution.html
References
- https://opensolution.org/cms-system-quick-cms.html
- https://opensolution.org/security-fix-for-cart-and-cms%21-en-1136.html
- https://secator.pl/index.php/2021/01/28/cve-2020-35754-authenticated-rce-in-quick-cms-and-quick-cart/
- http://packetstormsecurity.com/files/161189/Quick.CMS-6.7-Remote-Code-Execution.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.