CVE-2023-47253

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary PHP code on Qualitor systems through improper input validation in the gridValoresPopHidden parameter. Attackers can achieve remote code execution (RCE) without authentication, potentially taking full control of affected systems. All Qualitor installations through version 8.20 are affected.

💻 Affected Systems

Products:
  • Qualitor
Versions: Through 8.20
Operating Systems: Any OS running Qualitor
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected Qualitor versions are vulnerable. The vulnerable file is part of the standard installation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, steal sensitive data, deploy ransomware, pivot to internal networks, and maintain persistent access.

🟠 Likely Case

Remote code execution leading to data theft, credential harvesting, installation of backdoors, and lateral movement within the network.

🟢 If Mitigated

Limited impact if proper network segmentation, web application firewalls, and input validation controls are in place to block exploitation attempts.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and affects internet-facing web applications.
🏢 Internal Only: HIGH - Even internally, the vulnerability allows unauthenticated RCE which could be exploited by malicious insiders or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is easily exploitable with publicly available proof-of-concept code. Attackers can send crafted HTTP requests to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Qualitor 8.21 or later

Vendor Advisory: https://www.qualitor.com.br/official-security-advisory-cve-2023-47253

Restart Required: Yes

Instructions:

1. Download Qualitor 8.21 or later from the vendor.
2. Backup current installation and database.
3. Apply the update following vendor instructions.
4. Restart the Qualitor service.
5. Verify the fix by checking the version and testing the vulnerable endpoint.

🔧 Temporary Workarounds

Block vulnerable endpoint

all

Temporarily block access to the vulnerable PHP file using web server configuration or firewall rules.

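# Apache (server or virtual-host context, mod_rewrite enabled; in .htaccess the pattern is matched without the leading slash):
RewriteEngine On
RewriteRule ^/html/ad/adpesquisasql/request/processVariavel\.php - [F,L]

# Nginx (inside the server block that serves Qualitor):
location ~ /html/ad/adpesquisasql/request/processVariavel\.php { deny all; }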

Input validation filter

all

Implement input validation to block PHP code patterns in the gridValoresPopHidden parameter.

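# Example PHP filter (a denylist can be evaded, so treat it as a stopgap until the patch is applied):
$v = $_POST['gridValoresPopHidden'] ?? '';  // avoid an undefined-index notice when the parameter is absent
if (!is_string($v) || preg_match('/<\?php|eval\(|system\(|exec\(|shell_exec\(/i', $v)) { die('Invalid input'); }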

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Qualitor systems from critical infrastructure
  • Deploy a web application firewall (WAF) with rules to block RCE attempts and PHP code injection patterns

🔍 How to Verify

Check if Vulnerable:

Check if the file /html/ad/adpesquisasql/request/processVariavel.php exists and accepts POST requests with gridValoresPopHidden parameter. Test with safe payloads to confirm vulnerability.

Check Version:

Check Qualitor version in the application interface or configuration files. Typically found in /qualitor/version.txt or similar location.

Verify Fix Applied:

After patching, verify the version is 8.21 or later and test that the vulnerable endpoint no longer executes arbitrary PHP code.

📡 Detection & Monitoring

Log Indicators:

  • HTTP POST requests to /html/ad/adpesquisasql/request/processVariavel.php with suspicious parameters
  • PHP execution errors or unusual process spawns from the Qualitor web server

Network Indicators:

  • Unusual outbound connections from Qualitor server
  • HTTP requests containing PHP code patterns or base64 encoded payloads

SIEM Query:

source="web_server" AND (url="/html/ad/adpesquisasql/request/processVariavel.php" OR (POST AND param="gridValoresPopHidden" AND value MATCHES "<\\?php|eval\\(|system\\(|exec\\("))
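
Access logs normally do not record POST bodies, so in practice the first log indicator above reduces to "any request that reaches the endpoint". The following Python sketch is an added example, not part of the original advisory or of Qualitor: it scans Combined Log Format lines for that endpoint, tolerating URL-encoded or doubled-slash paths, and groups the hits by client. The sample log lines and addresses are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote

# Endpoint and parameter named in the advisory (path compared lowercased).
ENDPOINT = "/html/ad/adpesquisasql/request/processvariavel.php"
PARAM = "gridValoresPopHidden"
# Same code patterns as the page's PHP filter.
CODE_RE = re.compile(r"<\?php|eval\(|system\(|exec\(|shell_exec\(", re.I)
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

SAMPLE = [  # constructed log lines using documentation-range addresses
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "POST /html/ad/adpesquisasql/request/processVariavel.php HTTP/1.1" 200 0 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "POST /html//ad/adpesquisasql/request/process%56ariavel.php HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /html/ad/adpesquisasql/request/processVariavel.php?gridValoresPopHidden=eval%28PLACEHOLDER%29 HTTP/1.1" 200 0 "-" "-"',
]

def normalize_path(raw):
    """Decode %xx twice (double encoding), collapse repeated slashes, lowercase."""
    return re.sub(r"/{2,}", "/", unquote(unquote(raw))).lower()

def scan(lines):
    """Return {client_ip: [finding, ...]} for every request touching the endpoint."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        ip, ts, method, target, status = m.groups()
        path, _, query = target.partition("?")
        # Substring match also covers installs under a path prefix and trailing PATH_INFO.
        if ENDPOINT not in normalize_path(path):
            continue
        values = parse_qs(query).get(PARAM, [])
        hits[ip].append({
            "time": ts, "method": method, "status": int(status),
            "param_in_query": bool(values),
            "code_pattern": any(CODE_RE.search(v) for v in values),
        })
    return dict(hits)

if __name__ == "__main__":
    for ip, findings in scan(SAMPLE).items():
        print(ip, findings)
```

A 200 response to a POST on this path from an unpatched host deserves follow-up even when no parameter is visible in the log; a 403 indicates the blocking rule from the workaround section is taking effect.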
