PT-2025-7124 · Webkul · Webkul Qloapps

Mano257200 · Published 2025-02-18 · Updated 2025-02-19 · CVE-2025-26058

CVSS v3.1: 4.2 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Webkul QloApps version 1.6.1
Description: The issue exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens directly to the URL.
Recommendations: For Webkul QloApps version 1.6.1, consider modifying the application to prevent appending authentication tokens to URLs during redirection, or implement an alternative secure method for handling user authentication. As a temporary workaround, restrict access to the admin panel and other protected areas to minimize the risk of exploitation.
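
An added example, not part of the advisory or of QloApps code: because URLs are written to web server access logs and sent in Referer headers, this audits Combined Log Format lines for a token-bearing query parameter in either field and redacts the value. The parameter name `token`, the log format and the sample lines are assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: query parameter names that carry the credential. The advisory
# does not name the parameter, so adjust this set to the deployment.
TOKEN_PARAMS = {"token"}

# Combined Log Format, split so the request target and Referer can be rewritten.
LOG_RE = re.compile(
    r'^(?P<pre>\S+ \S+ \S+ \[[^\]]+\] ")(?P<method>\S+) (?P<target>\S+) '
    r'(?P<proto>[^"]+)(?P<mid>" \d{3} \S+ ")(?P<referer>[^"]*)(?P<post>".*)$'
)

# Constructed sample lines (hosts, paths and token values are made up).
SAMPLE_LOG = [
    '203.0.113.5 - - [18/Feb/2025:10:00:00 +0000] "GET /admin/index.php?controller=AdminDashboard&token=abc123 HTTP/1.1" 302 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [18/Feb/2025:10:00:02 +0000] "GET /img/logo.png HTTP/1.1" 200 4096 "https://hotel.example/admin/index.php?token=abc123" "Mozilla/5.0"',
    '198.51.100.7 - - [18/Feb/2025:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

def redact_url(url):
    """Return (redacted_url, leaked_param_names) for one URL or request target."""
    parts = urlsplit(url)
    leaked, kept = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in TOKEN_PARAMS and value:
            leaked.append(name)
            value = "REDACTED"
        kept.append((name, value))
    if not leaked:
        return url, []  # leave URLs without a token byte-for-byte unchanged
    return urlunsplit(parts._replace(query=urlencode(kept))), leaked

def audit_line(line):
    """Return (redacted_line, findings); findings name the field and parameter."""
    m = LOG_RE.match(line)
    if not m:
        return line, []  # unparsed lines pass through untouched
    target, t_leak = redact_url(m["target"])
    referer, r_leak = redact_url(m["referer"])
    findings = [("request", n) for n in t_leak] + [("referer", n) for n in r_leak]
    redacted = (m["pre"] + m["method"] + " " + target + " " + m["proto"]
                + m["mid"] + referer + m["post"])
    return redacted, findings

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(audit_line(line)[1])
```

A token found in the Referer field of a request for a static asset shows the value travelling beyond the page that issued it, which is the case to check first when reviewing third-party resources loaded by protected pages.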

Related Identifiers: CVE-2025-26058

Affected Products: Webkul Qloapps