Vulnerability Details CVE-2020-35754
OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.145
EPSS Ranking 94.3%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/161189/Quick.CMS-6.7-Remote-Code-Execution.html
- https://opensolution.org/cms-system-quick-cms.html
- https://opensolution.org/security-fix-for-cart-and-cms%21-en-1136.html
- https://secator.pl/index.php/2021/01/28/cve-2020-35754-authenticated-rce-in-quick-cms-and-quick-cart/
- http://packetstormsecurity.com/files/161189/Quick.CMS-6.7-Remote-Code-Execution.html
- https://opensolution.org/cms-system-quick-cms.html
- https://opensolution.org/security-fix-for-cart-and-cms%21-en-1136.html
- https://secator.pl/index.php/2021/01/28/cve-2020-35754-authenticated-rce-in-quick-cms-and-quick-cart/
Products affected by CVE-2020-35754
-
cpe:2.3:a:opensolution:quick.cart:*
-
cpe:2.3:a:opensolution:quick.cms:2.4
-
cpe:2.3:a:opensolution:quick.cms:4.0