[Japanese]

JVNDB-2006-000610

QUICK CART OS command injection vulnerability

Overview

QUICK CART is a shopping cart system that provides functionalities used for managing an Internet store.
An OS command injection vulnerability exists in QUICK CART as it does not properly validate the user input.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


QUICK-SOLUTION.COM
  • QUICK CART Ver 2
  • QUICK CART Ver 3 Free
  • QUICK CART Ver 3 Pro
  • QUICK CART Plugin for Movable Type 3.2 (Ver3)

Impact

A remote attacker could execute arbitrary operating system commands on a server running QUICK CART.
Solution

Vendor Information

QUICK-SOLUTION.COM
  • QUICK-SOLUTION.COM : Top Page (Japanese)
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#10222000
Revision History

  • [2008/05/21]
      Web page published

Date Public2006/04/13
Date First Published2008/05/21
Date Last Updated2008/05/21