VYPR
Vendor

QloApps

Products
2
CVEs
4
Across products
4
Status
Private

Products

2

Recent CVEs

4
  • CVE-2025-67325CriJan 8, 2026
    risk 0.64cvss 9.8epss 0.01

    Unrestricted file upload in the hotel review feature in QloApps versions 1.7.0 and earlier allows remote unauthenticated attackers to achieve remote code execution.

  • CVE-2021-41074MedJan 12, 2026
    risk 0.35cvss 5.4epss 0.00

    A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's email address via a crafted HTML document.

  • CVE-2026-25558MedJun 8, 2026
    risk 0.31cvss 4.8epss 0.00

    QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed JavaScript event handlers such as onload within SVG…

  • CVE-2026-25861MedJun 2, 2026
    risk 0.31cvss 5.9epss 0.00

    QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt() function within classes/Tools.php, which…