Qualitor
by Qualitor
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-13792 | Hig | 0.47 | 7.3 | 0.00 | Nov 30, 2025 | A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing a manipulation of the argument passageiros results in code injection. Remote… | ||
| CVE-2025-5139 | Med | 0.37 | 5.6 | 0.03 | May 25, 2025 | A vulnerability was found in Qualitor 8.20/8.24. It has been rated as critical. Affected by this issue is some unknown functionality of the file /html/ad/adconexaooffice365/request/testaConexaoOffice365.php of the component Office 365-type Connection Handler. The manipulation of… | ||
| CVE-2025-14580 | Low | 0.23 | 3.5 | 0.00 | Dec 12, 2025 | A security vulnerability has been detected in Qualitor up to 8.24.73. The impacted element is an unknown function of the file /Qualitor/html/bc/bcdocumento9/biblioteca/request/viewDocumento.php. Such manipulation of the argument cdscript leads to cross site scripting. It is… | ||
| CVE-2023-47253 | 0.08 | — | 0.14 | Nov 6, 2023 | Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter. | |||
| CVE-2024-48360 | 0.07 | — | 0.04 | Oct 31, 2024 | Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php. | |||
| CVE-2024-44849 | 0.07 | — | 0.46 | Sep 9, 2024 | Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php. | |||
| CVE-2024-48359 | 0.03 | — | 0.02 | Oct 31, 2024 | Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter. |
- risk 0.47cvss 7.3epss 0.00
A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing a manipulation of the argument passageiros results in code injection. Remote…
- risk 0.37cvss 5.6epss 0.03
A vulnerability was found in Qualitor 8.20/8.24. It has been rated as critical. Affected by this issue is some unknown functionality of the file /html/ad/adconexaooffice365/request/testaConexaoOffice365.php of the component Office 365-type Connection Handler. The manipulation of…
- risk 0.23cvss 3.5epss 0.00
A security vulnerability has been detected in Qualitor up to 8.24.73. The impacted element is an unknown function of the file /Qualitor/html/bc/bcdocumento9/biblioteca/request/viewDocumento.php. Such manipulation of the argument cdscript leads to cross site scripting. It is…
- CVE-2023-47253Nov 6, 2023risk 0.08cvss —epss 0.14
Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.
- CVE-2024-48360Oct 31, 2024risk 0.07cvss —epss 0.04
Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php.
- CVE-2024-44849Sep 9, 2024risk 0.07cvss —epss 0.46
Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.
- CVE-2024-48359Oct 31, 2024risk 0.03cvss —epss 0.02
Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter.