CVE-2025-10317
BaseFortify
Publication date: 2025-10-30
Last updated on: 2025-10-30
Assigner: CERT.PL
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opensolution | quick.cart | 6.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in Quick.Cart's product creation functionality. An attacker can create a malicious website that, when visited by an admin user, automatically sends a POST request to Quick.Cart to create a product with attacker-defined content without the admin's consent. The software lacks any protection against CSRF attacks, making all forms potentially vulnerable.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to create unauthorized products in the Quick.Cart system by tricking an admin into visiting a malicious website. This could lead to the insertion of malicious or inappropriate content, potentially damaging the integrity of the product catalog, confusing customers, or harming the reputation of the business.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately restrict access to the product creation functionality to trusted users only, avoid visiting untrusted websites while logged in as an admin, and implement CSRF protection mechanisms such as CSRF tokens in forms. Additionally, monitor and audit product creation activities for any suspicious entries.