PT-2025-45156 · Quipux · Quipux

Published: 2025-11-05 · Updated: 2026-01-09 · CVE-2025-55343

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Quipux versions 4.0.1 through e1774ac

Description

Quipux versions 4.0.1 through e1774ac are susceptible to SQL injection attacks. Authenticated users can exploit this issue through multiple PHP scripts and parameters. Specifically, the following API endpoints and variables are affected:
  • /busqueda/busqueda.php with parameters txt depe codi and txt usua codi
  • /anexos lista.php with parameter radi temp
  • /Administracion/listas/formArea ajax.php with parameter codDepe
  • /Administracion/listas/formDepeHijo ajax.php with parameter codDepe
  • /Administracion/listas/formDepePadre ajax.php with parameter codInst
  • /asociar documentos/asociar borrar referencia.php with parameter radi nume
  • /asociar documentos/asociar documento buscar query.php with parameter radi nume
  • /asociar documentos/asociar documento grabar.php with parameter txt radi nume
  • /asociar documentos/asociar documento with parameter radi nume
  • /radicacion/buscar usuario.php with parameter buscar tipo
  • /radicacion/formArea ajax.php with parameter codDepe
  • /radicacion/formDepeHijo ajax.php with parameter codDepe
  • /radicacion/formDepePadre ajax.php with parameter codInst
  • /radicacion/ver datos usuario.php with parameter destinatorio
  • /reportes/reporte TraspasoDocFisico.php with parameter verrad
  • /tx/datos imprimir sobre.php with parameters txt usua codi and nume radi temp
  • /tx/revertir firma digital grabar.php with parameter txt radi nume
  • /tx/tx borrar opcion imp.php with parameter codigo opc
  • /tx/tx realizar tx.php with parameter txt radicados
  • /tx/tx seguridad documentos.php with parameter txt radicados
  • /uploadFiles/cargar doc digitalizado paginador.php with parameter txt depe codi

Recommendations

Quipux versions 4.0.1 through e1774ac are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2025-55343

Affected Products: Quipux