Описание
WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the 'tk' parameter in ticket.php. Attackers can inject crafted SQL statements using UNION-based techniques to extract sensitive database information by sending malformed requests to the ticket endpoint.
EPSS
Процентиль: 8%
0.00029
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 5.4
github
около 2 месяцев назад
WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the 'tk' parameter in ticket.php. Attackers can inject crafted SQL statements using UNION-based techniques to extract sensitive database information by sending malformed requests to the ticket endpoint.
EPSS
Процентиль: 8%
0.00029
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-89