Webkul Qloapps

14 CVEs affecting Webkul Qloapps. Latest disclosed: 2026-01-12. Critical: 1, High: 2.

Top CVEs affecting Webkul Qloapps
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-67325 | Critical | 9.8 | 2026-01-08 | Unrestricted file upload in the hotel review feature in QloApps versions 1.7.0 and earlier allows remote unauthenticated attackers to achieve remote code execu… |
| CVE-2023-36284 | High | 7.5 | 2023-06-23 | An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypa… |
| CVE-2024-40318 | High | 7.2 | 2024-07-25 | An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2023-36235 | Medium | 6.5 | 2024-01-17 | An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter. |
| CVE-2023-36287 | Medium | 6.1 | 2023-06-23 | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then imperso… |
| CVE-2023-36289 | Medium | 6.1 | 2023-06-23 | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then imperso… |
| CVE-2023-30256 | Medium | 6.1 | 2023-05-11 | Cross Site Scripting vulnerability found in Webkul QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create param… |
| CVE-2021-41074 | Medium | 5.4 | 2026-01-12 | A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's email address via a crafted HTML document. |
| CVE-2023-36288 | Medium | 5.4 | 2023-06-23 | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then imperso… |
| CVE-2025-10759 | Medium | 5.3 | 2025-09-21 | A vulnerability was detected in Webkul QloApps up to 1.7.0. This affects an unknown function of the component CSRF Token Handler. Performing manipulation of th… |
| CVE-2025-6173 | Medium | 4.7 | 2025-06-17 | A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_pr… |
| CVE-2025-1155 | Medium | 4.3 | 2025-02-10 | A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. This affects an unknown part of the file /stores of the component Your… |
| CVE-2025-1074 | Medium | 4.3 | 2025-02-06 | A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the compo… |
| CVE-2025-26058 | Medium | 4.2 | 2025-02-18 | Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application app… |