CVE-2025-40714
Description
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo id_factura in /<Client>FacturaE/listado_facturas_ficha.jsp.
CWE
- CWE-89 — CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Affected
- Quiter / Quiter Gateway (Java WAR on Apache Tomcat) — v=0 <4.7.0 [affected]
CVSS
- 4.0 score=9.3 severity=CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References
- https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-quiterweb-autoweb-quiter
Source
cvelistV5-main/cves/2025/40xxx/CVE-2025-40714.json