CNNVD-202602-856 Information

CNNVD ID

CNNVD-202602-856

Related CVE

CVE-2026-23796

• CNNVD Published: 2026-02-05

Description (Chinese)

OpenSolution Quick.Cart是波兰OpenSolution公司的一个网上商店系统。 OpenSolution Quick.Cart 6.7版本存在授权问题漏洞，该漏洞源于会话标识符可在身份验证前设置并在之后保持不变，可能导致攻击者劫持经过身份验证的会话。

Description (English)

OpenSolution Quick.Cart is an online shop system for Polish OpenSolution. Version 6.7 of OpenSolution Quick.Cart has a mandate gap, which stems from the fact that the session identifier can be set up before identification and remains unchanged thereafter, which may lead to the assailant abducting an identified session.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

OpenSolution

Published

2026-02-05

Last Modified

2026-02-24

References

https://cert.pl/posts/2026/02/CVE-2026-23796 https://opensolution.org/sklep-internetowy-quick-cart.html