exploitDog

CVE-2023-25350

Опубликовано: 24 мар. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When the user logs in through the login box, he has no judgment on the validity of the user's input data. The parameters passed from the front end to the back end are controllable, which will lead to SQL injection.

Ссылки

https://gist.github.com/Whitehat-Su/8402323c00ea93b4abc21ab9a372101e
Third Party Advisory
https://github.com/ladybirdweb/faveo-helpdesk/issues/7827
Exploit
Issue Tracking
Third Party Advisory
https://gist.github.com/Whitehat-Su/8402323c00ea93b4abc21ab9a372101e
Third Party Advisory
https://github.com/ladybirdweb/faveo-helpdesk/issues/7827
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ladybirdweb:faveo_helpdesk:*:*:*:*:*:*:*:*

Версия от 1.0 (включая) до 1.11.1 (включая)

EPSS

Процентиль: 26%

0.00093

Низкий

8.8 High

CVSS3

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-qfr3-mfc8-5fjx

CVSS3: 8.8

github

почти 3 года назад

Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When the user logs in through the login box, he has no judgment on the validity of the user's input data. The parameters passed from the front end to the back end are controllable, which will lead to SQL injection.

EPSS

Процентиль: 26%

0.00093

Низкий

8.8 High

CVSS3

Дефекты

CWE-89

CWE-89