CVE-2023-25350
HIGHFaveo Helpdesk 1.0-1.11.1 - SQL Injection via Login Input
Title source: llmDescription
Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When the user logs in through the login box, he has no judgment on the validity of the user's input data. The parameters passed from the front end to the back end are controllable, which will lead to SQL injection.
References (2)
Core 2
Core References
Third Party Advisory
https://gist.github.com/Whitehat-Su/8402323c00ea93b4abc21ab9a372101e
Exploit, Issue Tracking, Third Party Advisory
https://github.com/ladybirdweb/faveo-helpdesk/issues/7827
Scores
CVSS v3
8.8
EPSS
0.0080
EPSS Percentile
52.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
ladybirdweb/faveo_helpdesk
1.0 - 1.11.1
Published
Mar 24, 2023
Tracked Since
Feb 18, 2026