CVE-2021-41074
CSRF Vulnerability in QloApps 1.5.1 Allows Admin Email Change
Publication date: 2026-01-12
Last updated on: 2026-01-12
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qloapps | qloapps | 1.5.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker to change the administrator's email address without permission. This can lead to further account compromise or unauthorized access, as the attacker could potentially take control of the admin account or intercept sensitive communications. [1]
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in QloApps HotelCommerce version 1.5.1. It allows an attacker to change the administrator's email address without authorization by tricking an authenticated admin user into clicking a maliciously crafted HTML document. Once the admin interacts with this document, the attacker can modify the admin user's email address, potentially leading to further account compromise or unauthorized access. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized changes to the administrator's email address in QloApps HotelCommerce version 1.5.1. Since it is a CSRF vulnerability triggered by an authenticated admin interacting with a crafted HTML document, detection involves checking server logs for suspicious POST requests to index.php that change admin email addresses without proper authorization. Additionally, reviewing web server access logs for unusual referrers or sources of requests that modify admin settings can help. Specific commands would depend on your environment, but for example, using grep on server logs to find POST requests to index.php with parameters related to email changes could be useful, e.g., `grep 'POST /index.php' /var/log/apache2/access.log | grep 'email='`. Also, monitoring admin account email changes in the application database or logs can help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying any available patches or updates from QloApps that address this CSRF vulnerability. If no patch is available, implement CSRF protection mechanisms such as adding CSRF tokens to forms that change admin email addresses. Additionally, restrict access to the admin panel to trusted IP addresses, enforce strong authentication, and educate administrators to avoid clicking on suspicious links or HTML documents. Monitoring and alerting on changes to admin email addresses can also help detect exploitation attempts early. [1]