Webkul

Qloapps

14 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.01%
  • Published 12.01.2026 00:00:00
  • Last modified 22.01.2026 18:45:07

A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's email address via a crafted HTML document.

Exploit
  • EPSS 0.27%
  • Published 08.01.2026 00:00:00
  • Last modified 30.01.2026 01:06:56

Unrestricted file upload in the hotel review feature in QloApps versions 1.7.0 and earlier allows remote unauthenticated attackers to achieve remote code execution.

Exploit
  • EPSS 0.05%
  • Published 21.09.2025 01:02:06
  • Last modified 30.10.2025 14:15:58

A vulnerability was detected in Webkul QloApps up to 1.7.0. This affects an unknown function of the component CSRF Token Handler. Performing manipulation of the argument token results in authorization bypass. The attack may be initiated remotely. The...

Exploit
  • EPSS 0.05%
  • Published 17.06.2025 06:31:07
  • Last modified 26.06.2025 15:57:47

A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_products_list.php. The manipulation of the argument packItself leads to SQL injection. The at...

Exploit
  • EPSS 0.04%
  • Published 18.02.2025 18:15:35
  • Last modified 09.07.2025 14:54:04

Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens directly to the URL.

Exploit
  • EPSS 0.11%
  • Published 10.02.2025 20:15:42
  • Last modified 20.06.2025 17:02:52

A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. This affects an unknown part of the file /stores of the component Your Location Search. The manipulation leads to cross site scripting. It is possible to initiat...

Exploit
  • EPSS 0.13%
  • Published 06.02.2025 14:15:30
  • Last modified 02.07.2025 19:11:15

A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to l...

Exploit
  • EPSS 10.06%
  • Published 25.07.2024 19:15:10
  • Last modified 21.11.2024 09:30:59

An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file.

Exploit
  • EPSS 0.08%
  • Published 17.01.2024 03:15:07
  • Last modified 10.06.2025 17:17:51

An issue in Webkul QloApps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter.

Exploit
  • EPSS 26.55%
  • Published 23.06.2023 16:15:09
  • Last modified 21.11.2024 08:09:29

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the content...