PT-2023-22666 · Unknown · Helpdezk Community

David Utón Amaya +1 · Published 2023-10-04 · Updated 2023-10-05 · CVE-2023-3038

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
HelpDezk Community version 1.1.10

Description
The issue is related to a SQL injection vulnerability that could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the "jsonGrid route" and extract all the information stored in the application.

Recommendations
For version 1.1.10, consider disabling access to the "jsonGrid route" until a patch is available. Restrict the use of the rows parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2023-3038

Affected Products: Helpdezk Community