CVE-2023-47253
published 2023-11-06CVE-2023-47253: Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php…
PriorityP187critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEVInitial access
Exploited in the wild
EPSS
14.42%
96.2th percentile
Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qualitor | qualitor | <= 8.20 | — |
Detection & IOCsextracted from sources · hover to see the quote
url/html/ad/adpesquisasql/request/processVariavel.php?gridValoresPopHidden=echo%20system("ipconfig");
commandgridValoresPopHidden=echo%20system("ipconfig");
- →Look for GET requests targeting /html/ad/adpesquisasql/request/processVariavel.php with a non-empty or PHP-containing gridValoresPopHidden parameter — this is the sole injection vector for CVE-2023-47253. ↗
- →The exploit requires no authentication (PR:N, UI:N per CVSS), so any unauthenticated request to the vulnerable endpoint with PHP payload in gridValoresPopHidden should be treated as an active exploitation attempt.
- ·The PoC command used in the Nuclei template targets Windows hosts (ipconfig / DNS output); detection logic checking for Windows-specific command output will miss exploitation attempts against Linux-hosted Qualitor instances.
- ·Affected versions are Qualitor through 8.20 (CPE cpe:2.3:a:qualitor:qalitor:*); version 8.21+ is remediated — scope detection rules to assets running ≤8.20.
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qvcf-7rv4-rh36: Qualitor through 8
ghsa_unreviewed·2023-11-06
CVE-2023-47253 [CRITICAL] CWE-77 GHSA-qvcf-7rv4-rh36: Qualitor through 8
Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.
VulnCheck
qualitor qualitor Improper Neutralization of Special Elements used in a Command ('Command Injection')
vulncheck·2023·CVSS 9.8
CVE-2023-47253 [CRITICAL] qualitor qualitor Improper Neutralization of Special Elements used in a Command ('Command Injection')
qualitor qualitor Improper Neutralization of Special Elements used in a Command ('Command Injection')
Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.
Affected: qualitor qualitor
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2026-03-24&host_type=src&vulnerability=cve-2023-47253; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2026-03-25&host_type=src&vulnerability=cve-2023-47253; https://dashboard.shadowserver.org/statistics
No detection rules found.
Nuclei
Qualitor <= 8.20 - Remote Code Execution
nuclei·CVSS 9.8
CVE-2023-47253 [CRITICAL] Qualitor <= 8.20 - Remote Code Execution
Qualitor <= 8.20 - Remote Code Execution
Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.
Template:
id: CVE-2023-47253
info:
name: Qualitor <= 8.20 - Remote Code Execution
author: s4e-io
severity: critical
description: |
Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.
impact: |
Unauthenticated attackers can execute arbitrary commands via PHP code injection, potentially compromising the entire Qualitor system.
remediation: |
Upgrade Qualitor to version 8.21 or later.
reference:
- https://github.com/vnxdtzip/CVE-2023-47253
- https://nvd.nist
https://openxp.xpsec.co/blog/cve-2023-47253https://www.linkedin.com/in/hairrison-wenning-4631a4124/https://www.linkedin.com/in/xvinicius/https://www.qualitor.com.br/official-security-advisory-cve-2023-47253https://www.qualitor.com.br/qualitor-8-20https://openxp.xpsec.co/blog/cve-2023-47253https://www.linkedin.com/in/hairrison-wenning-4631a4124/https://www.linkedin.com/in/xvinicius/https://www.qualitor.com.br/qualitor-8-20
2023-11-06
Published
Exploited in the wild