CVE-2023-47253
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
06/11/2023
Last modified:
07/07/2025
Description
Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:qualitor:qualitor:*:*:*:*:*:*:*:* | 8.20 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://openxp.xpsec.co/blog/cve-2023-47253
- https://www.linkedin.com/in/hairrison-wenning-4631a4124/
- https://www.linkedin.com/in/xvinicius/
- https://www.qualitor.com.br/official-security-advisory-cve-2023-47253
- https://www.qualitor.com.br/qualitor-8-20
- https://openxp.xpsec.co/blog/cve-2023-47253
- https://www.linkedin.com/in/hairrison-wenning-4631a4124/
- https://www.linkedin.com/in/xvinicius/
- https://www.qualitor.com.br/qualitor-8-20