Vulnerability Details CVE-2020-35754
OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.188
EPSS Ranking 95.0%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/161189/Quick.CMS-6.7-Remote-Code-Execution.html
- https://opensolution.org/cms-system-quick-cms.html
- https://opensolution.org/security-fix-for-cart-and-cms%21-en-1136.html
- https://secator.pl/index.php/2021/01/28/cve-2020-35754-authenticated-rce-in-quick-cms-and-quick-cart/
- http://packetstormsecurity.com/files/161189/Quick.CMS-6.7-Remote-Code-Execution.html
- https://opensolution.org/cms-system-quick-cms.html
- https://opensolution.org/security-fix-for-cart-and-cms%21-en-1136.html
- https://secator.pl/index.php/2021/01/28/cve-2020-35754-authenticated-rce-in-quick-cms-and-quick-cart/
Products affected by CVE-2020-35754
-
cpe:2.3:a:opensolution:quick.cart:*
-
cpe:2.3:a:opensolution:quick.cms:2.4
-
cpe:2.3:a:opensolution:quick.cms:4.0