Webkul: Security Vulnerabilities
An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVSS Score
7.2
EPSS Score
0.077
Published
2024-07-25
Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-03-13
Bagisto v1.5.1 is vulnerable to cross-site scripting (XSS) via PNG file upload in the product review option.
CVSS Score
6.5
EPSS Score
0.0
Published
2024-03-01
Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arbitrary code via a crafted HTML script.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-02-26
SQL injection vulnerability in Webkul Bundle Product 6.0.1 allows a remote attacker to execute arbitrary code via the id_product parameters in the UpdateProductQuantity function.
CVSS Score
9.8
EPSS Score
0.015
Published
2024-01-23
An issue in Webkul Qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-01-17
Cross Site Scripting vulnerability in Webkul Bagisto v.1.5.0 and before allows an attacker to execute arbitrary code via a crafted SVG file upload.
CVSS Score
4.8
EPSS Score
0.002
Published
2024-01-16
A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-23
An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file.
CVSS Score
7.8
EPSS Score
0.002
Published
2023-08-01
Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).
CVSS Score
8.8
EPSS Score
0.004
Published
2023-06-28

