Submit #704314: Qualitor Software e Serv. em Inf. S.A. Qualitor 8.20/8.24 Code Injection

Title: Qualitor Software e Serv. em Inf. S.A. Qualitor 8.20/8.24 Code Injection
Description:

Publication Date: Dec 1, 2025
CVE Identifier: CVE-2025-13792
Affected Product(s): Qualitor – Versions 8.20.104 and 8.24.97 or earlier

Summary of the Vulnerability

A vulnerability was found in Qualitor 8.20/8.24, classified as critical. This vulnerability affects the eval function of the file /html/st/stdeslocamento/request/getResumo.php. Handling the passenger parameter with an unknown input leads to a code injection vulnerability. The CWE definition associated with this vulnerability is CWE-94. This means that the product constructs a code snippet wholly or partially using an input externally influenced by an upstream component, but does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code.

Resolution and Fix

Upon identifying the vulnerability, our security team promptly developed, tested, and released a patch to eliminate the associated risks. The issue has been resolved in the following versions:

8.20.105
8.24.98

The update is available through our official support channels. We strongly recommend that all customers update to these versions or later as soon as possible to ensure continued security.

Actions Taken

Investigation and Mitigation: We analyzed the issue and applied the necessary fix to remove the vulnerability.
Quality Assurance: Extensive testing was conducted to confirm that the fix did not impact system stability or performance.
Customer Notification: We proactively informed customers and provided guidance on how to apply the patch.

Recommendations for Customers

Verify your current version – Ensure your installation is running version 8.20.105, 8.24.98, or higher.
Apply the security update – Follow the instructions provided through our official support channels.
Reach out if needed – For questions or assistance, please contact our technical support team.

Our Commitment to Security

At Qualitor Software, we take product security very seriously. We continuously monitor, assess, and improve our systems to protect our customers. We are committed to timely vulnerability management and to maintaining a secure application environment for all users.

Contact Us

For further information or technical support, please contact us:
Email: [email protected]
Support Portal: https://qualitor.qualitorsoftware.com/loginUsuario.php
Source: https://www.qualitor.com.br/official-security-advisory-cve-2025-13792
User: Dante Michelon (UID 86482)
Submission: 01/12/2025 19:32 (7 months ago)
Moderation: 07/12/2025 09:39 (6 days later)
Status: Accepted
VulDB entry: 333796 [Qualitor up to 8.20.104/8.24.97 getResumo.php eval passageiros privilege escalation]
Points: 10