Aggregates CVE and security vulnerability intelligence across all quipux-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk sql injection, vendor risk cross-site scripting, and vendor risk path handling; exposure may include vendor impact session compromise in vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-55343 | Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via busqueda/busqueda.php txt_depe_codi, busqueda/busqueda.php txt_usua_codi, anexos_lista.php radi_temp, Administracion/listas/formArea_ajax.php codDepe, Administracion/listas/formDepeHijo_ajax.php codDepe, Administracion/listas/formDepePadre_ajax.php codInst, asociar_documentos/asociar_borrar_referencia.php radi_nume, asociar_documentos/asociar_documento_buscar_query.php radi_nume, asociar_documentos/asoci | [email protected] | 9.9 | 0.03% | 2025-11-05 | 2026-01-09 |
| CVE-2025-55342 | Quipux 4.0.1 through e1774ac allows enumeration of usernames, and accessing the Ecuadorean identification number for all registered users via the Administracion/usuarios/cambiar_password_olvido_validar.php txt_login parameter. | [email protected] | 5.3 | 0.03% | 2025-11-05 | 2026-01-14 |
| CVE-2025-55341 | Cross Site Scripting vulnerability in Quipux 4.0.1 through e1774ac allows anexos/anexos_nuevo.php asocImgRad. | [email protected] | 6.5 | 0.03% | 2025-11-05 | 2026-01-08 |