CVE-2023-36235
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2023-36235 is a vulnerability affecting webkul qloapps before version 1.6.0. An attacker can exploit this issue by manipulating the id_order parameter, enabling them to gain unauthorized access to sensitive information. This vulnerability poses a significant risk, as the compromised data could include customer details, order information, and other confidential data. The exploit does not require any advanced techniques, making it easily accessible to a wide range of attackers. It is recommended that users upgrade to the latest version of webkul qloapps to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- Webkul