Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webkul vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-16403
In Webkul Bagisto prior to 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.
Webkul Bagisto
6.1
CVSSv3
CVE-2021-41924
Webkul krayin crm prior to 1.2.2 is vulnerable to Cross Site Scripting (XSS).
Webkul Krayin
6.5
CVSSv3
CVE-2023-36235
An issue in webkul qloapps before v1.6.0 allows an malicious user to obtain sensitive information via the id_order parameter.
Webkul Qloapps
4.8
CVSSv3
CVE-2023-36236
Cross Site Scripting vulnerability in webkil Bagisto v.1.5.0 and before allows an malicious user to execute arbitrary code via a crafted SVG file uplad.
Webkul Bagisto
6.1
CVSSv3
CVE-2023-30256
Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote malicious user to obtain sensitive information via the back and email_create parameters in the AuthController.php file.
Webkul Qloapps 1.5.2
1 Github repository
8.8
CVSSv3
CVE-2019-14933
Bagisto 0.1.5 allows CSRF under /admin URIs.
Webkul Bagisto 0.1.5
5.4
CVSSv3
CVE-2023-37636
A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket.
Webkul Uvdesk 1.1.1
8.8
CVSSv3
CVE-2023-33570
Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).
Webkul Bagisto 1.5.1
7.8
CVSSv3
CVE-2023-39147
An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows malicious users to execute arbitrary code via uploading a crafted image file.
Webkul Uvdesk 1.1.3
7.5
CVSSv3
CVE-2023-36284
An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote malicious user to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire data...
Webkul Qloapps 1.6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »