CVE-2023-47253
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.linkedin.com/in/xvinicius/
- https://www.linkedin.com/in/hairrison-wenning-4631a4124/
- https://www.qualitor.com.br/qualitor-8-20
- https://openxp.xpsec.co/blog/cve-2023-47253
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
References
- https://www.linkedin.com/in/xvinicius/
- https://www.linkedin.com/in/hairrison-wenning-4631a4124/
- https://www.qualitor.com.br/qualitor-8-20
- https://openxp.xpsec.co/blog/cve-2023-47253
- https://www.qualitor.com.br/official-security-advisory-cve-2023-47253
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.