VYPR

Hotelcommerce

by Webkul

Source repositories

CVEs (2)

  • CVE-2021-41074Jan 12, 2026
    risk 0.00cvss epss 0.00

    A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's email address via a crafted HTML document.

  • CVE-2025-67325Jan 8, 2026
    risk 0.00cvss epss 0.01

    Unrestricted file upload in the hotel review feature in QloApps versions 1.7.0 and earlier allows remote unauthenticated attackers to achieve remote code execution.