CVE-2007-3139

Quick.Cart < 2.2 - Unauthenticated Remote Code Execution via Default Credentials

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3139. PoCs published by Kacper.

AI-analyzed exploit summary This exploit targets a remote local file inclusion vulnerability in Quick.Cart <= v2.2, allowing remote code execution by injecting malicious code into log files and leveraging the LANGUAGE cookie to include and execute it. It also includes functionality to authenticate as an admin if credentials are provided.

Description

config/general.php in Quick.Cart 2.2 and earlier uses a default username and password, which allows remote attackers to access the application via a login action to admin.php. NOTE: this can be leveraged to upload and execute arbitrary code.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Kacper · phpwebappsphp
https://www.exploit-db.com/exploits/4025

This exploit targets a remote local file inclusion vulnerability in Quick.Cart <= v2.2, allowing remote code execution by injecting malicious code into log files and leveraging the LANGUAGE cookie to include and execute it. It also includes functionality to authenticate as an admin if credentials are provided.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Quick.Cart <= v2.2
Auth required
Prerequisites: Target server running Quick.Cart <= v2.2 · Write access to log files · Admin credentials if default credentials are changed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25513
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/36961
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34688
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4025

Scores

EPSS 0.0351
EPSS Percentile 87.7%

Details

Status published
Products (1)
open_solution/quick.cart < 2.2
Published Jun 08, 2007
Tracked Since Feb 18, 2026