CVE-2021-41074

A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's email address via a crafted HTML document.
References
Link Resource
https://github.com/dillonkirsch/CVE-2021-41074 Third Party Advisory
https://qloapps.com/ Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:webkul:qloapps:1.5.1:*:*:*:*:*:*:*

History

17 Jun 2026, 04:07

Type Values Removed Values Added
Summary
  • (es) Un problema de CSRF en index.php en QloApps hotel eCommerce 1.5.1 permite a un atacante cambiar la dirección de correo electrónico del administrador a través de un documento HTML manipulado.

22 Jan 2026, 18:45

Type Values Removed Values Added
CPE cpe:2.3:a:webkul:qloapps:1.5.1:*:*:*:*:*:*:*
References () https://github.com/dillonkirsch/CVE-2021-41074 - () https://github.com/dillonkirsch/CVE-2021-41074 - Third Party Advisory
References () https://qloapps.com/ - () https://qloapps.com/ - Product
First Time Webkul qloapps
Webkul

12 Jan 2026, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2026-01-12 21:15

Updated : 2026-06-17 04:07


NVD link : CVE-2021-41074

Mitre link : CVE-2021-41074

CVE.ORG link : CVE-2021-41074


JSON object : View

Products Affected

webkul

  • qloapps
CWE
CWE-352

Cross-Site Request Forgery (CSRF)