PT-2023-20035 · Unknown · Faveo Helpdesk
Ghost · Published 2023-03-24 · Updated 2025-02-21
CVE-2023-25350
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Faveo Helpdesk versions 1.0 through 1.11.1
Description
The issue arises from a lack of validation of user input during the login process. Parameters passed from the front end to the back end can therefore be controlled by the user, leading to SQL injection.
Recommendations
For Faveo Helpdesk versions 1.0 through 1.11.1, consider validating user input data to prevent SQL injection attacks. As a temporary workaround, restrict access to sensitive database operations until a proper fix is applied.
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Faveo Helpdesk