SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo parameter in/<Client>FacturaE/BusquedasFacturasSesion.
History

Tue, 08 Jul 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 08 Jul 2025 11:45:00 +0000

Type Values Removed Values Added
Description SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo parameter in/<Client>FacturaE/BusquedasFacturasSesion.
Title SQL injection vulnerability in Quiter Gateway
Weaknesses CWE-89
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2025-07-08T11:35:31.949Z

Updated: 2025-07-08T19:51:13.709Z

Reserved: 2025-04-16T08:38:19.332Z

Link: CVE-2025-40713

cve-icon Vulnrichment

Updated: 2025-07-08T19:50:42.936Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-08T12:15:22.230

Modified: 2025-07-08T16:18:14.207

Link: CVE-2025-40713

cve-icon Redhat

No data.