Unauthenticated SQL Injection Vulnerability in Webkul QloApps by Webkul
CVE-2023-36284
7.5HIGH
What is CVE-2023-36284?
An unauthenticated Time-Based SQL injection vulnerability in Webkul QloApps version 1.6.0 allows remote attackers to manipulate GET parameters such as date_from, date_to, and id_product. This manipulation can let attackers bypass the application's authentication mechanisms, potentially granting access to sensitive data stored in the database. Organizations using this version of QloApps should take immediate steps to assess their systems and implement necessary patches.
