CVE-2025-67684 (CNNVD-202601-3832)
Chinese title:
OpenSolution Quick.Cart path traversal vulnerability
English title:
Remote Code Execution via Local File Inclusion in Quick.Cart
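Vulnerability description
Chinese description:
OpenSolution Quick.Cart is an online shop system from the Polish company OpenSolution. OpenSolution Quick.Cart has a path traversal vulnerability, which stems from local file inclusion and path traversal issues in the theme selection mechanism and may lead to remote code execution.
English description: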
Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. This allows an attacker to include and execute uploaded PHP code, resulting in Remote Code Execution on the server. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
CWE type:
Tags:
Affected products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| OpenSolution | Quick.Cart | 6.7 | - | - | cpe:2.3:a:opensolution:quick.cart:6.7:*:*:*:*:*:*:* |
Solution
Chinese solution:
English solution:
Temporary workaround:
CVSS score details
4.0 (cna)
CRITICAL CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Timeline
Exploitation information
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2025-67684 | 2026-01-23 03:17:27 | 2026-01-22 22:00:08 |
| NVD | nvd_CVE-2025-67684 | 2026-01-23 02:00:05 | 2026-01-22 22:00:16 |
| CNNVD | cnnvd_CNNVD-202601-3832 | 2026-01-26 02:10:03 | 2026-01-25 18:11:58 |
Versions and languages
Security advisories
Change history
View detailed changes
- vulnerability_type: not extracted -> path traversal
- cnnvd_id: not extracted -> CNNVD-202601-3832
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
View detailed changes
- data_sources: ['cve'] -> ['cve', 'nvd']