CVE-2024-58308

Critical CVSS: 9.3

Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative access to the system.

Vendor

Opensolution

Product

Quick Cms

CWE

CWE-89

Yayın Tarihi

2025-12-11 22:15:52

Güncelleme

2025-12-31 18:30:13

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-89 Quick.cms CRITICAL Opensolution 2025

Referanslar

https://opensolution.org/download/home.html?sFile=Quick.Cms_v6.7-en.zip https://www.exploit-db.com/exploits/51910 https://www.opensolution.org https://www.vulncheck.com/advisories/quickcms-sql-injection-authentication-bypass-via-admin-login

Benzer Kayıtlar

Medium

CVE-2026-23796

Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the sa…

Medium

CVE-2026-23797

In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password…

Medium

CVE-2025-67683

Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when ope…

Critical

CVE-2025-67684

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart…

Medium

CVE-2025-9982

A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file a…

Medium

CVE-2025-10018

QuickCMS is vulnerable to multiple Stored XSS in language editor functionality (languages). Malicious attacker with admi…