CVE-2023-36284

Name of the Vulnerable Software and Affected Versions Webkul QloApps version 1.6.0

Description An unauthenticated Time-Based SQL injection issue allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database. The issue is exploited via the date from, date to, and id product parameters.

Recommendations For Webkul QloApps version 1.6.0, consider restricting access to the affected parameters date from, date to, and id product to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.