Vulnerabilities > Webkul > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-25 | CVE-2024-40318 | Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Qloapps 1.6.0 An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file. | 7.2 |
| 2023-08-01 | CVE-2023-39147 | Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Uvdesk 1.1.3 An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file. | 7.8 |
| 2023-06-28 | CVE-2023-33570 | Unspecified vulnerability in Webkul Bagisto 1.5.1 Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI). | 8.8 |
| 2023-06-23 | CVE-2023-36284 | SQL Injection vulnerability in Webkul Qloapps 1.6.0 An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database. | 7.5 |