CVE-2020-35754
Summary
| CVE | CVE-2020-35754 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-01-28 20:15:00 UTC |
| Updated | 2023-11-07 03:22:00 UTC |
| Description | OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab. |
Risk And Classification
Problem Types: CWE-94
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Opensolution | Quick.cart | All | All | All | All |
| Application | Opensolution | Quick.cms | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security fix for CART and CMS \| OpenSolution.org | opensolution.org | | |
| CVE-2020-35754 – Authenticated RCE in Quick.CMS and Quick.Cart < 6.7 - Secator | MISC | secator.pl | Exploit, Third Party Advisory |
| Quick.Cms - free CMS script written in PHP | MISC | opensolution.org | Product |
| Security fix for CART and CMS \| OpenSolution.org | CONFIRM | opensolution.org | Vendor Advisory |
| Quick.CMS 6.7 Remote Code Execution ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.