CVE-2023-36235

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 17, 2024
Updated: Jan 24, 2024
CWE ID 639

Summary

CVE-2023-36235 is a vulnerability affecting webkul qloapps before version 1.6.0. An attacker can exploit this issue by manipulating the id_order parameter, enabling them to gain unauthorized access to sensitive information. This vulnerability poses a significant risk, as the compromised data could include customer details, order information, and other confidential data. The exploit does not require any advanced techniques, making it easily accessible to a wide range of attackers. It is recommended that users upgrade to the latest version of webkul qloapps to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share