VulnerAlert



APPS
17-06-2025 04:20

CVE-2025-6173 Documented vulnerability

5.1 MEDIUM
Tags
#sql injection
#site
#sql
#injection
#exploit
#critical
#web
#product
#php
#list
#admin
#apps
#vulnerability
#products
#/sql(.*)injection/iU
#affected
#remote
#privilege
#issue
#inject
#flaw
#fix
#critic
#attack
#affect
Description
A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this is an unknown functionality of the file /admin/ajax_products_list.php. The manipulation of the argument packItself leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirms the existence of the flaw but considers it a low-level issue due to admin privilege pre-requisites. Still, a fix is planned for a future release.
https://github.com/caigo8/CVE-md/blob/main/QloApps/SQL_Injection.md
https://github.com/caigo8/CVE-md/blob/main/QloApps/SQL_Injection.md#vulnerability-recurrence
https://vuldb.com/?ctiid.312661
https://vuldb.com/?id.312661
https://vuldb.com/?submit.593679

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-6173
This project was co-financed by the Consejo Nacional de Ciencia y Tecnología (CONACYT) through PROINNOVA 2021/2023