CVE-2023-47253

CVSS 9.8 CRITICALEPSS 14.4%CWE-77

Vexday Risk Score

68High priority

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 9.8EPSS 14.4%KEV nãoPoC públicaNuclei simMetasploit —Patch —

Lifecycle

06 Nov 2023Published on NVD

19 Sep 2024Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 2

githubgithub.com/gmh5225/CVE-2023-47253★ 0 githubgithub.com/OpenXP-Research/CVE-2023-47253★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://openxp.xpsec.co/blog/cve-2023-47253 https://www.linkedin.com/in/hairrison-wenning-4631a4124/https://www.linkedin.com/in/xvinicius/https://www.qualitor.com.br/official-security-advisory-cve-2023-47253 https://www.qualitor.com.br/qualitor-8-20