Cyber Resilience

CVE-2023-47253

Critical · Public PoC · RCE

Published: 06 November 2023

Modified: 07 July 2025
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9389 (99.9th percentile)
Risk Priority: 76 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-47253 is a critical-severity Command Injection (CWE-77) vulnerability in Qualitor. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

Qualitor through version 8.20 contains a command-injection vulnerability (CWE-77) that permits unauthenticated remote code execution. The flaw resides in the gridValoresPopHidden parameter of html/ad/adpesquisasql/request/processVariavel.php, where attacker-supplied PHP code is processed without sanitization, allowing direct execution on the server.

An attacker with network access can submit a crafted request to the affected endpoint and obtain arbitrary code execution with the privileges of the web-server process. Successful exploitation yields full confidentiality, integrity, and availability impact, consistent with the CVSS 9.8 rating that requires no authentication or user interaction.

The associated EPSS score has reached 0.939, indicating a high likelihood of exploitation. Vendor advisories and updated releases are referenced at qualitor.com.br, including an official security advisory for CVE-2023-47253.
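For triage on a host that may have been exposed, web-server access logs can be searched for requests to the endpoint named above. The following is an added example, not code from the vendor or from this advisory; it assumes the Apache/Nginx "combined" log format, and the names find_hits and SAMPLE_LOG and all log lines are constructed for illustration. The advisory does not state the HTTP method, so every request to the endpoint is reported.

```python
import re
from urllib.parse import parse_qs, unquote

# Endpoint and parameter named in the advisory text, lower-cased for matching.
ENDPOINT = "/html/ad/adpesquisasql/request/processvariavel.php"
PARAM = "gridvalorespophidden"

# Assumption: Apache/Nginx "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_hits(lines):
    """Return one record per request that reached the affected endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        raw_path, _, query = m["target"].partition("?")
        # Normalise percent-encoding, case and repeated slashes before comparing.
        path = re.sub(r"/{2,}", "/", unquote(raw_path)).lower()
        if not path.endswith(ENDPOINT):
            continue
        names = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
        hits.append({
            "ip": m["ip"], "time": m["ts"], "method": m["method"],
            "status": int(m["status"]),
            # False does not clear the request: POST bodies are not logged.
            "param_in_url": PARAM in names,
        })
    return hits

# Constructed sample lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Nov/2023:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.23 - - [06/Nov/2023:10:02:11 +0000] "POST /html/ad/adpesquisasql/request/processVariavel.php HTTP/1.1" 200 87 "-" "-"',
    '192.0.2.44 - - [06/Nov/2023:10:03:40 +0000] "GET /qualitor/html/ad/adpesquisasql/request/processVariavel.php?gridValoresPopHidden=PLACEHOLDER HTTP/1.1" 200 64 "-" "-"',
    '192.0.2.45 - - [06/Nov/2023:10:04:05 +0000] "GET /html/ad/adpesquisasql/request/process%56ariavel.php?GRIDVALORESPOPHIDDEN=PLACEHOLDER HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

Hits with a 200 status from addresses that are not known administrators are the ones to correlate first with process-creation and file-change telemetry on the web server.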

Vulnerability details

Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: qualitor | Product: qualitor | Affected versions: ≤ 8.20

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
