OpenSolution QuickCMS Hardcoded Admin Credentials Vulnerability in Configuration File
Vulnerability
A vulnerability in OpenSolution QuickCMS version 6.8 allows for the retrieval of sensitive admin credentials that are hardcoded and stored in plaintext within a configuration file. This issue can lead to privilege escalation for attackers who have access to the source code or the server file system. While the vendor was notified about this vulnerability, they did not provide details regarding the vulnerable version range. Only version 6.8 has been tested and confirmed as vulnerable, leaving the status of other versions uncertain.
Impact
Exploitation of this vulnerability could result in unauthorized access to admin credentials, allowing for privilege escalation within the application.
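For defenders checking their own installation, the following added example (not code from the advisory, the vendor, or QuickCMS itself) audits a PHP configuration file for credential-like keys that hold a plaintext literal rather than a password hash, and checks whether the file is readable by every local account. The key names in the sample, such as `login_pass`, are hypothetical because the advisory does not name the affected file or variables.

```python
import os
import re
import stat

# PHP array assignment such as $config['key'] = 'value';
ASSIGN_RE = re.compile(r"""\$\w+\s*\[\s*['"]([^'"]+)['"]\s*\]\s*=\s*(['"])(.*?)\2\s*;""")
# Key names that suggest a credential (heuristic chosen for this example)
SECRET_KEY_RE = re.compile(r"pass|pwd|secret", re.IGNORECASE)
# Output formats of PHP password_hash(): bcrypt and Argon2
HASH_RE = re.compile(r"^\$(2[aby]\$\d{2}\$.{53}|argon2id?\$.+)$")


def find_plaintext_secrets(php_source):
    """Return (line_number, key) for credential-like keys holding a literal
    that is not a password hash. The value itself is never returned."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # skip commented-out assignments
        for match in ASSIGN_RE.finditer(line):
            key, value = match.group(1), match.group(3)
            if not SECRET_KEY_RE.search(key):
                continue
            if value == "" or HASH_RE.match(value):
                continue  # unset, or already stored as a hash
            findings.append((lineno, key))
    return findings


def world_readable(path):
    """True if any local account can read the file."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


# Constructed sample; key names are hypothetical, not taken from QuickCMS.
SAMPLE_CONFIG = "\n".join([
    "<?php",
    "$config['login_email'] = 'admin@example.test';",
    "$config['login_pass'] = 'ExamplePlaintext1';",
    "$config['session_secret'] = '';",
    "$config['backup_pass'] = '$2y$10$" + "A" * 53 + "';",
    "// $config['old_pass'] = 'commented-out';",
])

if __name__ == "__main__":
    for lineno, key in find_plaintext_secrets(SAMPLE_CONFIG):
        print(f"line {lineno}: '{key}' holds a plaintext credential")
```

A finding means the value should be replaced with a `password_hash()` result and the exposed password rotated; a world-readable configuration file should have its permissions tightened regardless.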
