Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.
References
Link | Resource |
---|---|
https://openxp.xpsec.co/blog/cve-2023-47253 | Exploit Third Party Advisory |
https://www.linkedin.com/in/hairrison-wenning-4631a4124/ | Not Applicable |
https://www.linkedin.com/in/xvinicius/ | Permissions Required |
https://www.qualitor.com.br/qualitor-8-20 | Product Release Notes |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-11-06T00:00:00
Updated: 2023-11-06T05:13:57.534286
Reserved: 2023-11-05T00:00:00
Link: CVE-2023-47253
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-06T06:15:40.957
Modified: 2023-11-14T20:03:09.900
Link: CVE-2023-47253
JSON object: View
Redhat Information
No data.
CWE