CVE-2026-23797
Unknown Unknown - Not Provided
Plaintext Password Exposure in Quick.Cart User Management (v

Publication date: 2026-02-05

Last updated on: 2026-02-19

Assigner: CERT.PL

Description
In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-02-19
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-14
NVD
CVE-2026-23797
EUVD
EUVD-2026-5551
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
opensolution quick.cart 6.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-256 The product stores a password in plaintext within resources such as memory or files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

In Quick.Cart, user passwords are stored in plaintext form. This means that passwords are not encrypted or hashed, making them easily readable.

An attacker who has high privileges within the system can view users' passwords directly on the user editing page.

Impact Analysis

This vulnerability can lead to serious security risks because an attacker with high privileges can obtain all user passwords in plaintext.

Such exposure can result in unauthorized access to user accounts, potential identity theft, and further exploitation of the system.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23797. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart