Webkul

Qloapps

12 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.07%
  • Published 21.09.2025 01:02:06
  • Last modified 30.10.2025 14:15:58

A vulnerability was detected in Webkul QloApps up to 1.7.0. This affects an unknown function of the component CSRF Token Handler. Performing manipulation of the argument token results in authorization bypass. The attack may be initiated remotely. The...

Exploit
  • EPSS 0.03%
  • Published 17.06.2025 06:31:07
  • Last modified 26.06.2025 15:57:47

A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_products_list.php. The manipulation of the argument packItself leads to sql injection. The at...

Exploit
  • EPSS 0.04%
  • Published 18.02.2025 18:15:35
  • Last modified 09.07.2025 14:54:04

Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens directly to the URL.

Exploit
  • EPSS 0.11%
  • Published 10.02.2025 20:15:42
  • Last modified 20.06.2025 17:02:52

A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. This affects an unknown part of the file /stores of the component Your Location Search. The manipulation leads to cross site scripting. It is possible to initiat...

Exploit
  • EPSS 0.13%
  • Published 06.02.2025 14:15:30
  • Last modified 02.07.2025 19:11:15

A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to l...

Exploit
  • EPSS 10.4%
  • Published 25.07.2024 19:15:10
  • Last modified 21.11.2024 09:30:59

An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file.

Exploit
  • EPSS 0.08%
  • Published 17.01.2024 03:15:07
  • Last modified 10.06.2025 17:17:51

An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter.

Exploit
  • EPSS 24.28%
  • Published 23.06.2023 16:15:09
  • Last modified 21.11.2024 08:09:29

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the content...

Exploit
  • EPSS 20.46%
  • Published 23.06.2023 16:15:09
  • Last modified 21.11.2024 08:09:29

An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter.

Exploit
  • EPSS 0.11%
  • Published 23.06.2023 15:15:10
  • Last modified 21.11.2024 08:09:29

An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter.