CVE-2023-53935
SQL Injection in WBiz Desk 1.2 Allows Data Extraction
Publication date: 2025-12-18
Last updated on: 2025-12-18
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wbiz | desk | 1.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not specify how this SQL injection vulnerability in WBiz Desk affects compliance with common standards and regulations such as GDPR or HIPAA. Therefore, the impact on compliance cannot be determined from the given information.
Can you explain this vulnerability to me?
CVE-2023-53935 is a SQL injection vulnerability in WBiz Desk version 1.2, specifically in the ticket.php file through the 'tk' parameter. It allows non-admin users to inject malicious SQL code using UNION-based techniques by sending specially crafted requests to the ticket endpoint. This enables attackers to manipulate database queries and extract sensitive information from the database. [2, 3]
How can this vulnerability impact me? :
This vulnerability can allow an attacker with normal user privileges to extract sensitive database information without authorization. It poses a risk of unauthorized data exposure and potential manipulation of database content, compromising confidentiality and integrity of the system's data. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted HTTP requests to the ticket.php endpoint, specifically targeting the 'tk' parameter with SQL injection payloads. For example, using curl to test for SQL injection: curl -v 'http://target-site/ticket.php?tk=1' and then curl -v 'http://target-site/ticket.php?tk=1 UNION SELECT ...' to observe if the response reveals database information or errors indicating SQL injection. Monitoring web server logs for unusual or malformed requests to ticket.php with suspicious 'tk' parameter values can also help detect exploitation attempts. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or validating input on the 'tk' parameter in ticket.php to prevent SQL injection, such as implementing prepared statements or parameterized queries. Limiting user privileges to the minimum necessary and monitoring for suspicious activity on the ticket endpoint are also recommended. If possible, apply patches or updates from the vendor addressing this vulnerability. Additionally, consider implementing web application firewall (WAF) rules to block SQL injection attempts targeting the 'tk' parameter. [2, 3]