CVE-2025-1074: Webkul QloApps URL mylogout cross-site request forgery
First published: Thu Feb 06 2025(Updated: )
A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure. They are aware about it and are working on resolving it.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QloApps |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1074?
CVE-2025-1074 is classified as a problematic vulnerability due to its potential for exploitation.
What type of vulnerability is CVE-2025-1074?
CVE-2025-1074 is identified as a cross-site request forgery (CSRF) vulnerability.
How does CVE-2025-1074 affect Webkul QloApps users?
CVE-2025-1074 allows an attacker to exploit the logout function remotely, potentially compromising user sessions.
How do I fix CVE-2025-1074?
To mitigate CVE-2025-1074, users should implement CSRF tokens in the affected function to validate requests.
Is it possible to exploit CVE-2025-1074 remotely?
Yes, CVE-2025-1074 can be exploited remotely, allowing attackers to initiate CSRF attacks.
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/severity
- agent/source
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/webkul
- canonical/qloapps