PT-2025-38648 · Webkul · Qloapps
Published 2025-09-21 · Updated 2025-10-30
CVE-2025-10759
CVSS v4.0 score: 5.5 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Webkul QloApps versions up to 1.7.0
Description
A flaw exists in the CSRF Token Handler component of Webkul QloApps. Manipulating the token argument of an unspecified function can lead to an authorization bypass. The issue can be exploited remotely, and an exploit is publicly available.
Recommendations
Versions prior to the next major release are affected. At the time of writing, no newer version containing a fix for this vulnerability has been announced.
Exploit
Improper Authorization
IDOR
CSRF
Related Identifiers
Affected Products
Qloapps