7.5
CVE-2025-13792
- EPSS 0.08%
- Veröffentlicht 30.11.2025 16:02:05
- Zuletzt bearbeitet 24.02.2026 07:16:53
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing a manipulation of the argument passageiros results in code injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. Upgrading to version 8.20.105 and 8.24.98 addresses this issue. Upgrading the affected component is advised.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellern/a
≫
Produkt
Qualitor
Version
8.20.104
Status
affected
Version
8.24.0
Status
affected
Version
8.24.1
Status
affected
Version
8.24.2
Status
affected
Version
8.24.3
Status
affected
Version
8.24.4
Status
affected
Version
8.24.5
Status
affected
Version
8.24.6
Status
affected
Version
8.24.7
Status
affected
Version
8.24.8
Status
affected
Version
8.24.9
Status
affected
Version
8.24.10
Status
affected
Version
8.24.11
Status
affected
Version
8.24.12
Status
affected
Version
8.24.13
Status
affected
Version
8.24.14
Status
affected
Version
8.24.15
Status
affected
Version
8.24.16
Status
affected
Version
8.24.17
Status
affected
Version
8.24.18
Status
affected
Version
8.24.19
Status
affected
Version
8.24.20
Status
affected
Version
8.24.21
Status
affected
Version
8.24.22
Status
affected
Version
8.24.23
Status
affected
Version
8.24.24
Status
affected
Version
8.24.25
Status
affected
Version
8.24.26
Status
affected
Version
8.24.27
Status
affected
Version
8.24.28
Status
affected
Version
8.24.29
Status
affected
Version
8.24.30
Status
affected
Version
8.24.31
Status
affected
Version
8.24.32
Status
affected
Version
8.24.33
Status
affected
Version
8.24.34
Status
affected
Version
8.24.35
Status
affected
Version
8.24.36
Status
affected
Version
8.24.37
Status
affected
Version
8.24.38
Status
affected
Version
8.24.39
Status
affected
Version
8.24.40
Status
affected
Version
8.24.41
Status
affected
Version
8.24.42
Status
affected
Version
8.24.43
Status
affected
Version
8.24.44
Status
affected
Version
8.24.45
Status
affected
Version
8.24.46
Status
affected
Version
8.24.47
Status
affected
Version
8.24.48
Status
affected
Version
8.24.49
Status
affected
Version
8.24.50
Status
affected
Version
8.24.51
Status
affected
Version
8.24.52
Status
affected
Version
8.24.53
Status
affected
Version
8.24.54
Status
affected
Version
8.24.55
Status
affected
Version
8.24.56
Status
affected
Version
8.24.57
Status
affected
Version
8.24.58
Status
affected
Version
8.24.59
Status
affected
Version
8.24.60
Status
affected
Version
8.24.61
Status
affected
Version
8.24.62
Status
affected
Version
8.24.63
Status
affected
Version
8.24.64
Status
affected
Version
8.24.65
Status
affected
Version
8.24.66
Status
affected
Version
8.24.67
Status
affected
Version
8.24.68
Status
affected
Version
8.24.69
Status
affected
Version
8.24.70
Status
affected
Version
8.24.71
Status
affected
Version
8.24.72
Status
affected
Version
8.24.73
Status
affected
Version
8.24.74
Status
affected
Version
8.24.75
Status
affected
Version
8.24.76
Status
affected
Version
8.24.77
Status
affected
Version
8.24.78
Status
affected
Version
8.24.79
Status
affected
Version
8.24.80
Status
affected
Version
8.24.81
Status
affected
Version
8.24.82
Status
affected
Version
8.24.83
Status
affected
Version
8.24.84
Status
affected
Version
8.24.85
Status
affected
Version
8.24.86
Status
affected
Version
8.24.87
Status
affected
Version
8.24.88
Status
affected
Version
8.24.89
Status
affected
Version
8.24.90
Status
affected
Version
8.24.91
Status
affected
Version
8.24.92
Status
affected
Version
8.24.93
Status
affected
Version
8.24.94
Status
affected
Version
8.24.95
Status
affected
Version
8.24.96
Status
affected
Version
8.24.97
Status
affected
Version
8.20.105
Status
unaffected
Version
8.24.98
Status
unaffected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.232 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.