cpe:/a:opensolution:quick.cart:3.4 CVE-2009-4120 2009-11-30T21:30:00.437-05:00 2017-08-16T21:31:27.180-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-12-01T07:54:00.000-05:00 FULLDISC 20091123 Quick.Cart and Quick.CMS CSRF Vulnerabilities BID 37115 XF quickcart-delete-csrf(54413) Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Cart 3.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete orders via an orders-delete action to admin.php, and possibly (2) delete products or (3) delete pages via unspecified vectors.