An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database.

Related CVEs

CVE-2023-36284

Key Information

GHSA ID

GHSA-33vr-wwjf-63w6

Published

June 23, 2023 6:30 PM

Last Modified

April 4, 2024 5:06 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 28, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.