Filtered by vendor Webkul Subscriptions
Filtered by product Qloapps Subscriptions
Total 7 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-36284 1 Webkul 1 Qloapps 2024-11-29 7.5 High
An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database.
CVE-2023-36287 1 Webkul 1 Qloapps 2024-11-29 6.1 Medium
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter.
CVE-2023-36288 1 Webkul 1 Qloapps 2024-11-29 5.4 Medium
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter.
CVE-2023-36289 1 Webkul 1 Qloapps 2024-11-29 6.1 Medium
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.
CVE-2024-40318 1 Webkul 1 Qloapps 2024-11-21 7.2 High
An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2023-36235 1 Webkul 1 Qloapps 2024-11-21 6.5 Medium
An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter.
CVE-2023-30256 1 Webkul 1 Qloapps 2024-11-21 6.1 Medium
Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file.