CVE-2023-47253

CRITICAL EXPLOITED NUCLEI

Qualitor < 8.20 - Remote Code Execution via processVariavel.php gridValoresPopHidden Parameter

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-47253 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including OpenXP-Research, gmh5225. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository provides a technical analysis of CVE-2023-47253, detailing an unauthenticated RCE vulnerability in Qualitor <= 8.20 due to unsafe use of eval() on user-controlled input in the 'gridValoresPopHidden' parameter. It includes a proof-of-concept description and code snippet but lacks functional exploit code.

Description

Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.

Exploits (2)

nomisec WRITEUP
by OpenXP-Research · remote
https://github.com/OpenXP-Research/CVE-2023-47253

The repository provides a technical analysis of CVE-2023-47253, detailing an unauthenticated RCE vulnerability in Qualitor <= 8.20 due to unsafe use of eval() on user-controlled input in the 'gridValoresPopHidden' parameter. It includes a proof-of-concept description and code snippet but lacks functional exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Qualitor <= 8.20
No auth needed
Prerequisites: Network access to the vulnerable application
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WRITEUP
by gmh5225 · remote
https://github.com/gmh5225/CVE-2023-47253

The repository provides a technical analysis of CVE-2023-47253, detailing an RCE vulnerability in Qualitor <= 8.20 due to unsafe use of eval() on user-controlled input in the 'gridValoresPopHidden' parameter. It includes a proof-of-concept description and references the vulnerable code snippet.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Qualitor <= 8.20
No auth needed
Prerequisites: Access to the vulnerable endpoint /html/ad/adpesquisasql/request/processVariavel.php
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

Qualitor <= 8.20 - Remote Code Execution
CRITICALVERIFIEDby s4e-io
FOFA: Qualitor

References (5)

Core 5

Scores

CVSS v3 9.8
EPSS 0.9389
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2026-03-24
CWE
CWE-77
Status published
Products (1)
qualitor/qualitor < 8.20
Published Nov 06, 2023
Tracked Since Feb 18, 2026