CVE-2026-23797
Plaintext Password Exposure in Quick.Cart User Management (v
Publication date: 2026-02-05
Last updated on: 2026-02-19
Assigner: CERT.PL
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opensolution | quick.cart | 6.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-256 | The product stores a password in plaintext within resources such as memory or files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
In Quick.Cart, user passwords are stored in plaintext form. This means that passwords are not encrypted or hashed, making them easily readable.
An attacker who has high privileges within the system can view users' passwords directly on the user editing page.
How can this vulnerability impact me? :
This vulnerability can lead to serious security risks because an attacker with high privileges can obtain all user passwords in plaintext.
Such exposure can result in unauthorized access to user accounts, potential identity theft, and further exploitation of the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know