Cross-Site Request Forgery in Quick.Cart by OpenSolution
CVE-2025-10317

5.1MEDIUM

Key Information:

Vendor: Opensolution
Status: Quick.cart
Vendor: CVE Published:; 30 October 2025

🔔 Create Opensolution Vulnerability Alert

What is CVE-2025-10317?

Quick.Cart, developed by OpenSolution, has a vulnerability that allows attackers to exploit Cross-Site Request Forgery (CSRF) in its product creation functionality. An attacker can design a malicious website that, when accessed by an administrator of Quick.Cart, will trigger a POST request automatically. This can lead to the unintended creation of a product with content determined by the attacker. As the software lacks adequate protection mechanisms against such CSRF attacks, all forms available within it are potentially at risk. Although version 6.7 has been confirmed vulnerable, it is unknown whether other versions may also be affected, as they have not been publicly tested.

Affected Version(s)

Quick.Cart 6.7

References

https://cert.pl/posts/2025/10/CVE-2025-10317

third-party-advisory

https://opensolution.org/sklep-internetowy-quick-cart.html

product

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2025
Vulnerability Reserved
Sep 12, 2025

Credit

Łukasz vq4s Woźniak

JSON