Skip to content

Latest commit

 

History

History
6 lines (4 loc) · 256 Bytes

README.md

File metadata and controls

6 lines (4 loc) · 256 Bytes

CVE-2021-41074

CSRF in Qloapps HotelCommerce 1.5.1

There is a CSRF in HotelCommerce 1.5.1. It can allow anyone to change the admin email.

If an attacker gets an admin to click a maliciously crafted html document, they can change the admin user email.