CVE-2025-13792
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on Qualitor systems by manipulating the 'passageiros' parameter in the /html/st/stdeslocamento/request/getResumo.php file. It affects Qualitor versions up to 8.20.104 and 8.24.97. Attackers can exploit this without authentication to gain control of affected systems.
💻 Affected Systems
- Qualitor
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise leading to data theft, ransomware deployment, or use as a foothold for lateral movement within the network.
Likely Case
Remote code execution allowing attackers to install backdoors, exfiltrate sensitive data, or disrupt business operations.
If Mitigated
Limited impact if proper network segmentation, WAF rules, and input validation are in place to block exploitation attempts.
🎯 Exploit Status
Exploit has been released publicly and remote exploitation is confirmed possible without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.20.105 and 8.24.98
Vendor Advisory: https://www.qualitor.com.br/official-security-advisory-cve-2025-13792
Restart Required: Yes
Instructions:
1. Download the latest version from Qualitor official sources.
2. Backup current installation and data.
3. Apply the update following vendor instructions.
4. Restart the Qualitor service/application.
5. Verify the update was successful.
🔧 Temporary Workarounds
Block vulnerable endpoint
Use a web application firewall or network controls to block access to /html/st/stdeslocamento/request/getResumo.php
# Example for Apache (server or virtual-host context; mod_rewrite must be enabled):
RewriteEngine On
RewriteRule ^/html/st/stdeslocamento/request/getResumo\.php$ - [F]
# Example for Nginx (inside the server block):
location ~ ^/html/st/stdeslocamento/request/getResumo\.php$ { deny all; }
Input validation at proxy level
Implement strict input validation for the 'passageiros' parameter to block malicious payloads
# WAF rule example: Block requests containing suspicious patterns in passageiros parameter
🧯 If You Can't Patch
- Isolate affected systems from internet and restrict network access to only necessary connections
- Implement strict monitoring and alerting for exploitation attempts against the vulnerable endpoint
🔍 How to Verify
Check if Vulnerable:
Check the Qualitor version in the administration panel or configuration files. If the version is ≤8.20.104 or ≤8.24.97, the system is vulnerable.
Check Version:
Check Qualitor web interface administration panel or configuration files for version information
Verify Fix Applied:
Verify version is updated to 8.20.105 or 8.24.98. Test the vulnerable endpoint with safe payloads to confirm code injection is no longer possible.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /html/st/stdeslocamento/request/getResumo.php with suspicious passageiros parameter values
- PHP execution errors or unexpected system commands in logs
Network Indicators:
- HTTP requests containing code injection patterns in the passageiros parameter
- Outbound connections from Qualitor server to unexpected destinations
SIEM Query:
source="qualitor_logs" AND uri="/html/st/stdeslocamento/request/getResumo.php" AND (passageiros CONTAINS "system(" OR passageiros CONTAINS "exec(" OR passageiros CONTAINS "eval(")
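The log indicators and SIEM query above can also be applied offline to web server access logs. The following is an added example, not part of the original advisory or of Qualitor: it assumes combined-format access logs, and the function names and sample lines are constructed for illustration. Because POST bodies are not recorded in access logs, POST requests to the endpoint are flagged for manual review rather than pattern-matched.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/html/st/stdeslocamento/request/getResumo.php"
# Substrings taken from the page's SIEM query.
PATTERNS = ("system(", "exec(", "eval(")
# Client IP, method, request target and status of a combined-format line (assumed format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def classify(line):
    """Return None, or (ip, method, status, reason) for a request to the endpoint."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    if parts.path.lower() != ENDPOINT.lower():
        return None
    # parse_qs percent-decodes values, so encoded payloads are still compared.
    values = parse_qs(parts.query, keep_blank_values=True).get("passageiros", [])
    hits = [p for v in values for p in PATTERNS if p in v.lower()]
    if hits:
        reason = "pattern:" + ",".join(sorted(set(hits)))
    elif m["method"] == "POST":
        reason = "post-body-not-logged"  # body is invisible here; review manually
    else:
        reason = "endpoint-access"
    return (m["ip"], m["method"], int(m["status"]), reason)

def scan(lines):
    """Classify every line and keep only requests that touched the endpoint."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [01/Dec/2025:10:00:00 +0000] "GET /html/index.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Dec/2025:10:00:05 +0000] '
    '"GET /html/st/stdeslocamento/request/getResumo.php?passageiros=eval%28x%29 HTTP/1.1" 200 87',
    '203.0.113.4 - - [01/Dec/2025:10:00:09 +0000] '
    '"POST /html/st/stdeslocamento/request/getResumo.php HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

If the endpoint has been blocked with one of the workarounds, hits with status 403 show the block working; hits with status 200 on an unpatched version warrant investigation.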