- Description: A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_products_list.php. The manipulation of the argument packItself leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirms the existence of this flaw but considers it a low-level issue due to admin privilege prerequisites. Still, a fix is planned for a future release.
- Source: cna@vuldb.com
- NVD status: Analyzed
- Products: qloapps
CVSS 4.0
- Type: Secondary
- Base score: 2
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: LOW
CVSS 3.1
- Type: Primary
- Base score: 7.2
- Impact score: 5.9
- Exploitability score: 1.2
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
CVSS 2.0
- Type: Secondary
- Base score: 5.8
- Impact score: 6.4
- Exploitability score: 6.4
- Vector string: AV:N/AC:L/Au:M/C:P/I:P/A:P
- Hype score: Not currently trending
A lot of offensive activities were identified targeting Webkul QloApps (CVE-2025-6173) https://t.co/Evx1ofBr2a
@vuldb
5 Mar 2026
CVE-2025-6173 A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_products_li… https://t.co/cMhBQxxjSQ
@CVEnew
17 Jun 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:webkul:qloapps:1.6.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "A58133B7-029B-4E77-8470-C28C0F8CBC35",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]