PT-2025-52314 · Wbiz Desk · Wbiz Desk

Published: 2025-12-18 · Updated: 2025-12-19

CVE-2023-53935

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WBiz Desk version 1.2

Description

A SQL injection issue exists in WBiz Desk 1.2 that allows non-admin users to manipulate database queries. This is possible through the tk parameter within the 'ticket.php' file. Attackers can inject crafted SQL statements, utilizing UNION-based techniques, to extract sensitive database information by sending specially crafted requests to the '/ticket.php' endpoint.

Recommendations

Apply updates to address the SQL injection issue in the 'ticket.php' file. Restrict access to the tk parameter in the '/ticket.php' endpoint.
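
For log review, the following Python script flags requests to '/ticket.php' whose tk value contains a UNION SELECT once nested URL-encoding and SQL inline comments are normalized. It is an added example, not part of the advisory or of WBiz Desk; the combined access-log format, the function names and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [18/Dec/2025:10:01:02 +0000] "GET /ticket.php?tk=4821 HTTP/1.1" 200 5120
198.51.100.9 - - [18/Dec/2025:10:03:44 +0000] "GET /ticket.php?tk=4821%27%20UNION%20SELECT%20NULL,NULL--%20- HTTP/1.1" 200 6144
198.51.100.9 - - [18/Dec/2025:10:03:59 +0000] "GET /ticket.php?tk=1%2527%2520uNiOn%252f%252a%252a%252fselect%2520NULL HTTP/1.1" 200 6150
203.0.113.5 - - [18/Dec/2025:10:05:10 +0000] "GET /index.php?q=union+select+guide HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
UNION_RE = re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.IGNORECASE)
INLINE_COMMENT_RE = re.compile(r"/\*.*?\*/", re.DOTALL)


def normalize(value, max_rounds=3):
    """Undo nested URL-encoding, then replace SQL inline comments with a space."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return INLINE_COMMENT_RE.sub(" ", value)


def suspicious_tk_requests(log_text):
    """Return (client_ip, normalized tk) for /ticket.php requests with UNION SELECT in tk."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/ticket.php"):
            continue  # only the endpoint named in the advisory
        for raw in parse_qs(url.query, keep_blank_values=True).get("tk", []):
            value = normalize(raw)  # parse_qs has already decoded one layer
            if UNION_RE.search(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_tk_requests(SAMPLE_LOG):
        print(f"{client} tk={value!r}")
```

This covers query-string requests only; a tk value sent in a POST body does not appear in a standard access log and needs application or WAF logging to be visible.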

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-53935

Affected Products

Wbiz Desk