CVE-2024-48359
https://notcve.org/view.php?id=CVE-2024-48359
31 Oct 2024 — Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter. • https://github.com/OpenXP-Research/CVE-2024-48359 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-48360 – Qualitor 8.24 Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2024-48360
31 Oct 2024 — Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php. Qualitor versions 8.24 and below suffer from an unauthenticated server-side request forgery vulnerability. • https://packetstorm.news/files/id/182427 • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2024-44849
https://notcve.org/view.php?id=CVE-2024-44849
09 Sep 2024 — Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php. • https://github.com/extencil/CVE-2024-44849 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-47253
https://notcve.org/view.php?id=CVE-2023-47253
06 Nov 2023 — Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter. • https://github.com/vnxdtzip/CVE-2023-47253 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')