CVE-2025-10317
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-10317, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-30

Last updated on: 2025-10-30

Assigner: CERT.PL

Description

Quick.Cart is vulnerable to Cross-Site Request Forgery in product creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious product with content defined by the attacker. This software does not implement any protection against this type of attack. All forms available in this software are potentially vulnerable. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-30
Last Modified
2025-10-30
Generated
2026-07-06
AI Q&A
2025-10-30
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
opensolution quick.cart 6.7

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a Cross-Site Request Forgery (CSRF) in Quick.Cart's product creation functionality. An attacker can create a malicious website that, when visited by an admin user, automatically sends a POST request to Quick.Cart to create a product with attacker-defined content without the admin's consent. The software lacks any protection against CSRF attacks, making all forms potentially vulnerable.

Impact Analysis

This vulnerability can allow an attacker to create unauthorized products in the Quick.Cart system by tricking an admin into visiting a malicious website. This could lead to the insertion of malicious or inappropriate content, potentially damaging the integrity of the product catalog, confusing customers, or harming the reputation of the business.

Mitigation Strategies

To mitigate this vulnerability, immediately restrict access to the product creation functionality to trusted users only, avoid visiting untrusted websites while logged in as an admin, and implement CSRF protection mechanisms such as CSRF tokens in forms. Additionally, monitor and audit product creation activities for any suspicious entries.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10317. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart