EUVD-2026-34042

🗓️ 03 Jun 2026 00:30:26Reported by EUVDType

QloApps 1.7.0 uses MD5 for password hashing in Tools::encrypt, enabling brute-force attacks.

Reporter	Title	Published	Views	Family All 7
ATTACKERKB	CVE-2026-25861	2 Jun 202622:09	–	attackerkb
Circl	CVE-2026-25861	2 Jun 202623:21	–	circl
CVE	CVE-2026-25861	2 Jun 202622:09	–	cve
Cvelist	CVE-2026-25861 QloApps 1.7.0 Weak Password Hashing via MD5 in Tools.php	2 Jun 202622:09	–	cvelist
NVD	CVE-2026-25861	2 Jun 202623:16	–	nvd
Positive Technologies	PT-2026-45872	2 Jun 202600:00	–	ptsecurity
Vulnrichment	CVE-2026-25861 QloApps 1.7.0 Weak Password Hashing via MD5 in Tools.php	2 Jun 202622:09	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "bb0a263e-6706-37d1-ac88-828b3f4f7fa3",
        "vendor": {
          "name": "QloApps"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0fcb81f7-30f0-3413-a719-d4bc892fd821",
        "product": {
          "name": "QloApps",
          "vendor": {
            "name": "Webkul"
          }
        },
        "product_version": "0 ≤1.7.0"
      },
      {
        "id": "fe8c594b-f70b-34c9-8138-a64237fbdfff",
        "product": {
          "name": "QloApps",
          "vendor": {
            "name": "Webkul"
          }
        },
        "product_version": "64e9722e7e6a8fda77dd53964d988fb6b5c3d174"
      }
    ]
  }
]

Source	Link
github	www.github.com/Qloapps/QloApps/pull/1689
github	www.github.com/Qloapps/QloApps/commit/64e9722e7e6a8fda77dd53964d988fb6b5c3d174
vulncheck	www.vulncheck.com/advisories/qloapps-weak-password-hashing-via-md5-in-tools-php
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-25861

03 Jun 2026 00:30Current

5.8Medium risk

Vulners AI Score5.8

CVSS 48.2

CVSS 3.15.9

EPSS0.00178