Vulnerabilities > Webkul > Qloapps > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-25 | CVE-2024-40318 | Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Qloapps 1.6.0 An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file. | 7.2 |
| 2023-06-23 | CVE-2023-36284 | SQL Injection vulnerability in Webkul Qloapps 1.6.0 An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database. | 7.5 |