← volver
CVE-2025-1074

Webkul QloApps URL mylogout cross-site request forgery

CVSS 5.3 MEDIUMEPSS 0.3%CWE-352CWE-862
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
06 feb 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure. They are aware about it and are working on resolving it.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Productos afectados
Webkul · QloApps

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/mano257200/qloapps-csrf-logout-vulnerabilityhttps://vuldb.com/?ctiid.294834https://vuldb.com/?id.294834https://vuldb.com/?submit.491600