CNNVD-202509-3212 Information
CNNVD ID
CNNVD-202509-3212
Related CVE
- CNNVD Published: 2025-09-21
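Description (translated from Chinese)
Webkul QloApps is hotel booking management software from Webkul. Webkul QloApps 1.7.0 and earlier versions contain a security vulnerability caused by improper handling of the token parameter in the CSRF Token Handler component, which may lead to authorization bypass.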
Description (English)
Webkul QloApps is hotel reservation management software from Webkul. Webkul QloApps 1.7.0 and earlier versions have a security vulnerability that stems from incorrect handling of the token parameter in the CSRF Token Handler component and may result in authorization bypass.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Webuzo
Published
2025-09-21
Last Modified
2026-02-24
References
https://vuldb.com/?submit.645821
https://github.com/Ryomensukuna13/QloApps-Reusable-CSRF-Token-in-Logout-Functionality/blob/main/README.md
https://github.com/Ryomensukuna13/QloApps-Reusable-CSRF-Token-in-Logout-Functionality/blob/main/README.md#proof-of-concept-poc
https://vuldb.com/?ctiid.325114
https://vuldb.com/?id.325114
https://access.redhat.com/security/cve/cve-2025-10759