CVE-2021-43609

CRITICAL

Spiceworks Help Desk Server <1.3.3 - Blind Boolean SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-43609. PoCs published by d5sec.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2021-43609, targeting a SQL injection vulnerability in Spiceworks. The exploit chain involves SQLi to read files, followed by RCE via a crafted Ruby script.

Description

An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be leveraged to leak local files from the host system, leading to remote code execution (RCE) through deserialization of malicious data.

Exploits (1)

nomisec WORKING POC 5 stars
by d5sec · poc
https://github.com/d5sec/CVE-2021-43609-POC

This repository contains a functional exploit for CVE-2021-43609, targeting a SQL injection vulnerability in Spiceworks. The exploit chain involves SQLi to read files, followed by RCE via a crafted Ruby script.

Classification
Working Poc 95%
Attack Type
Sqli, Rce
Complexity
Moderate
Reliability
Reliable
Target: Spiceworks
Auth required
Prerequisites: Valid credentials for Spiceworks · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 9.9
EPSS 0.0202
EPSS Percentile 78.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
spiceworks/help_desk_server < 1.3.3
Published Nov 09, 2023
Tracked Since Feb 18, 2026