CVE-2023-25350

HIGH

Faveo Helpdesk 1.0-1.11.1 - SQL Injection via Login Input

Title source: llm
STIX 2.1

Description

Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When the user logs in through the login box, he has no judgment on the validity of the user's input data. The parameters passed from the front end to the back end are controllable, which will lead to SQL injection.

References (2)

Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory
https://github.com/ladybirdweb/faveo-helpdesk/issues/7827

Scores

CVSS v3 8.8
EPSS 0.0080
EPSS Percentile 52.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
ladybirdweb/faveo_helpdesk 1.0 - 1.11.1
Published Mar 24, 2023
Tracked Since Feb 18, 2026