CVE-2023-36235

An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter.

• https://github.com/Ek-Saini/security/blob/main/IDOR-Qloapps
  Exploit
• https://github.com/webkul/hotelcommerce/pull/537
  Patch
• https://qloapps.com/
  Product
• https://github.com/Ek-Saini/security/blob/main/IDOR-Qloapps
  Exploit
• https://github.com/webkul/hotelcommerce/pull/537
  Patch
• https://qloapps.com/
  Product