VYPR

Qloapps

by QloApps

Source repositories

CVEs (3)

  • CVE-2025-67325CriJan 8, 2026
    risk 0.64cvss 9.8epss 0.01

    Unrestricted file upload in the hotel review feature in QloApps versions 1.7.0 and earlier allows remote unauthenticated attackers to achieve remote code execution.

  • CVE-2026-25558MedJun 8, 2026
    risk 0.31cvss 4.8epss 0.00

    QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed JavaScript event handlers such as onload within SVG…

  • CVE-2026-25861MedJun 2, 2026
    risk 0.31cvss 5.9epss 0.00

    QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt() function within classes/Tools.php, which…