Lucene search
+L

4 matches found

OSV
OSV
added 2023/06/23 4:15 p.m.13 views

CVE-2023-36284

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter datefrom, dateto, and idproduct allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database...

7.5CVSS8.6AI score
Exploits0References1
CVE
CVE
added 2023/06/23 12:0 a.m.55 views

CVE-2023-36284

Webkul QloApps 1.6.0 contains an unauthenticated Time-Based SQL injection via GET parameters date_from, date_to, and id_product. The underlying flaw allows an attacker to bypass authentication/authorization and retrieve the database contents. The issue is documented across multiple feeds (NVD, NV...

7.5CVSS8.1AI score0.03157EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/06/23 12:0 a.m.22 views

CVE-2023-36284

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter datefrom, dateto, and idproduct allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database...

8.3AI score0.03157EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/06/23 12:0 a.m.15 views

CVE-2023-36284

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter datefrom, dateto, and idproduct allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database...

8.6AI score0.03157EPSS
Exploits1References1
Rows per page
Query Builder