SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion parameter in /<Client>FacturaE/DescargarFactura.
History

Tue, 08 Jul 2025 11:45:00 +0000

Type Values Removed Values Added
Description SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion parameter in /<Client>FacturaE/DescargarFactura.
Title SQL injection vulnerability in Quiter Gateway
Weaknesses CWE-89
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2025-07-08T11:33:40.855Z

Updated: 2025-07-08T20:10:31.068Z

Reserved: 2025-04-16T08:38:19.332Z

Link: CVE-2025-40712

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-08T12:15:22.080

Modified: 2025-07-08T16:18:14.207

Link: CVE-2025-40712

cve-icon Redhat

No data.