7.5
CVE-2025-13792
- EPSS 0.4%
- Veröffentlicht 30.11.2025 16:02:05
- Zuletzt bearbeitet 29.04.2026 01:00:01
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
Qualitor getResumo.php eval code injection
A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing a manipulation of the argument passageiros results in code injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. Upgrading to version 8.20.105 and 8.24.98 addresses this issue. Upgrading the affected component is advised.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellern/a
≫
Produkt
Qualitor
Version
8.20.104
Status
affected
Version
8.24.0
Status
affected
Version
8.24.1
Status
affected
Version
8.24.2
Status
affected
Version
8.24.3
Status
affected
Version
8.24.4
Status
affected
Version
8.24.5
Status
affected
Version
8.24.6
Status
affected
Version
8.24.7
Status
affected
Version
8.24.8
Status
affected
Version
8.24.9
Status
affected
Version
8.24.10
Status
affected
Version
8.24.11
Status
affected
Version
8.24.12
Status
affected
Version
8.24.13
Status
affected
Version
8.24.14
Status
affected
Version
8.24.15
Status
affected
Version
8.24.16
Status
affected
Version
8.24.17
Status
affected
Version
8.24.18
Status
affected
Version
8.24.19
Status
affected
Version
8.24.20
Status
affected
Version
8.24.21
Status
affected
Version
8.24.22
Status
affected
Version
8.24.23
Status
affected
Version
8.24.24
Status
affected
Version
8.24.25
Status
affected
Version
8.24.26
Status
affected
Version
8.24.27
Status
affected
Version
8.24.28
Status
affected
Version
8.24.29
Status
affected
Version
8.24.30
Status
affected
Version
8.24.31
Status
affected
Version
8.24.32
Status
affected
Version
8.24.33
Status
affected
Version
8.24.34
Status
affected
Version
8.24.35
Status
affected
Version
8.24.36
Status
affected
Version
8.24.37
Status
affected
Version
8.24.38
Status
affected
Version
8.24.39
Status
affected
Version
8.24.40
Status
affected
Version
8.24.41
Status
affected
Version
8.24.42
Status
affected
Version
8.24.43
Status
affected
Version
8.24.44
Status
affected
Version
8.24.45
Status
affected
Version
8.24.46
Status
affected
Version
8.24.47
Status
affected
Version
8.24.48
Status
affected
Version
8.24.49
Status
affected
Version
8.24.50
Status
affected
Version
8.24.51
Status
affected
Version
8.24.52
Status
affected
Version
8.24.53
Status
affected
Version
8.24.54
Status
affected
Version
8.24.55
Status
affected
Version
8.24.56
Status
affected
Version
8.24.57
Status
affected
Version
8.24.58
Status
affected
Version
8.24.59
Status
affected
Version
8.24.60
Status
affected
Version
8.24.61
Status
affected
Version
8.24.62
Status
affected
Version
8.24.63
Status
affected
Version
8.24.64
Status
affected
Version
8.24.65
Status
affected
Version
8.24.66
Status
affected
Version
8.24.67
Status
affected
Version
8.24.68
Status
affected
Version
8.24.69
Status
affected
Version
8.24.70
Status
affected
Version
8.24.71
Status
affected
Version
8.24.72
Status
affected
Version
8.24.73
Status
affected
Version
8.24.74
Status
affected
Version
8.24.75
Status
affected
Version
8.24.76
Status
affected
Version
8.24.77
Status
affected
Version
8.24.78
Status
affected
Version
8.24.79
Status
affected
Version
8.24.80
Status
affected
Version
8.24.81
Status
affected
Version
8.24.82
Status
affected
Version
8.24.83
Status
affected
Version
8.24.84
Status
affected
Version
8.24.85
Status
affected
Version
8.24.86
Status
affected
Version
8.24.87
Status
affected
Version
8.24.88
Status
affected
Version
8.24.89
Status
affected
Version
8.24.90
Status
affected
Version
8.24.91
Status
affected
Version
8.24.92
Status
affected
Version
8.24.93
Status
affected
Version
8.24.94
Status
affected
Version
8.24.95
Status
affected
Version
8.24.96
Status
affected
Version
8.24.97
Status
affected
Version
8.20.105
Status
unaffected
Version
8.24.98
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.312 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 5.5 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
https://vuldb.com/?id.333796
https://vuldb.com/?ctiid.333796
https://vuldb.com/?submit.691251
https://www.youtube.com/watch?v=hU8YbFc6KpI
https://www.qualitor.com.br/official-security-advisory-cve-2025-13792
https://vuldb.com/?submit.704314