CVE-2007-3139

Quick.Cart <2.2 - RCE

Title source: llm

Description

config/general.php in Quick.Cart 2.2 and earlier uses a default username and password, which allows remote attackers to access the application via a login action to admin.php. NOTE: this can be leveraged to upload and execute arbitrary code.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kacper · phpwebappsphp

https://www.exploit-db.com/exploits/4025

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/25513

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34688

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4025

[Third Party Advisory, VDB Entry] http://osvdb.org/36961

Scores

EPSS 0.1780

EPSS Percentile 95.1%

Details

Status published

Products (1)

open_solution/quick.cart < 2.2

Published Jun 08, 2007

Tracked Since Feb 18, 2026