Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Session Fixation in Quick.Cart
Vulnerability Description
Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
CVSS Information
N/A
Vulnerability Type
会话固定
Vulnerability Title
OpenSolution Quick.Cart 授权问题漏洞
Vulnerability Description
OpenSolution Quick.Cart是波兰OpenSolution公司的一个网上商店系统。 OpenSolution Quick.Cart 6.7版本存在授权问题漏洞,该漏洞源于会话标识符可在身份验证前设置并在之后保持不变,可能导致攻击者劫持经过身份验证的会话。
CVSS Information
N/A
Vulnerability Type
N/A