CVE-2023-53935

WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the 'tk' parameter in ticket.php. Attackers can inject crafted SQL statements using UNION-based techniques to extract sensitive database information by sending malformed request...

CVE-2023-53935

WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the 'tk' parameter in ticket.php. Attackers can inject crafted SQL statements using UNION-based techniques to extract sensitive database information by sending malformed request...

CVE-2023-53935

Summary: CVE-2023-53935 affects WBiz Desk 1.2, where a SQL injection flaw exists in ticket.php via the non-admin-accessible tk parameter. The vulnerability enables crafted UNION-based SQL payloads that can extract sensitive data by targeting the ticket endpoint. Impact (as described): Non-admin u...

CVE-2023-53935 WBiz Desk 1.2 SQL Injection Vulnerability via ticket.php Parameter

WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the 'tk' parameter in ticket.php. Attackers can inject crafted SQL statements using UNION-based techniques to extract sensitive database information by sending malformed request...

CVE-2023-53935 WBiz Desk 1.2 SQL Injection Vulnerability via ticket.php Parameter

WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the 'tk' parameter in ticket.php. Attackers can inject crafted SQL statements using UNION-based techniques to extract sensitive database information by sending malformed request...

WBiz Desk SQL注入漏洞

WBiz Desk is a work order management system of WBiz open source. A SQL injection vulnerability exists in WBiz Desk version 1.2, which originates from the tk parameter in ticket.php may be injected with malicious SQL statements, resulting in SQL injection attacks...

PT-2025-52314

Name of the Vulnerable Software and Affected Versions WBiz Desk version 1.2 Description A SQL injection issue exists in WBiz Desk 1.2 that allows non-admin users to manipulate database queries. This is possible through the tk parameter within the 'ticket.php' file. Attackers can inject crafted SQ...

WBiz Desk 1.2 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

WBiz Desk 1.2 SQL Injection

Exploit Title: WBiz Desk 1.2 - SQL Injection Exploit Date: May 12, 2023. CVSS 3.1: 6.4 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Tactic: Initial Access TA0001 Technique: Exploit Public-Facing Application T1190 Application Name: WBiz Desk Application Version: 1.2 Link:...

WBiz Desk 1.2 SQL Injection Vulnerability

Exploit Title: WBiz Desk 1.2 - SQL Injection CVSS 3.1: 6.4 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Tactic: Initial Access TA0001 Technique: Exploit Public-Facing Application T1190 Application Name: WBiz Desk Application Version: 1.2 Link:...