CVE-2025-1074 MEDIUM

CVE-2025-1074: Webkul QloApps URL mylogout cross-site request forgery

Vendor Webkul

Product QloApps

Weakness CWE-352 · CSRF

Published February 6, 2025

Last update February 6, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure. They are aware about it and are working on resolving it.

Key dates

02Disclosure timeline

February 6, 2025 CVE published

February 6, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-1074 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

CVE-2025-1074: Webkul QloApps URL mylogout cross-site request forgery

01Description

02Disclosure timeline

03References

04Related CVE