4 matches found
CVE-2023-36284
An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter datefrom, dateto, and idproduct allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database...
CVE-2023-36284
Webkul QloApps 1.6.0 contains an unauthenticated Time-Based SQL injection via GET parameters date_from, date_to, and id_product. The underlying flaw allows an attacker to bypass authentication/authorization and retrieve the database contents. The issue is documented across multiple feeds (NVD, NV...
CVE-2023-36284
An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter datefrom, dateto, and idproduct allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database...
CVE-2023-36284
An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter datefrom, dateto, and idproduct allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database...