PT-2023-20035 · Unknown · Faveo Helpdesk

Ghost · Published 2023-03-24 · Updated 2025-02-21 · CVE-2023-25350

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Faveo Helpdesk versions 1.0 through 1.11.1

Description: The issue arises from a lack of validation on user input data during the login process. This allows parameters passed from the front end to the back end to be controlled, leading to SQL injection.

Recommendations: For Faveo Helpdesk versions 1.0 through 1.11.1, consider validating user input data to prevent SQL injection attacks. As a temporary workaround, restrict access to sensitive database operations until a proper fix is applied.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-25350

Affected Products

Faveo Helpdesk