CNNVD-202512-3385 Information

CNNVD ID

CNNVD-202512-3385

Related CVE

CVE-2023-53935

• CNNVD Published: 2025-12-18

Description (Chinese)

WBiz Desk是WBiz开源的一个工单管理系统。 WBiz Desk 1.2版本存在SQL注入漏洞，该漏洞源于ticket.php中的tk参数可能被注入恶意SQL语句，导致SQL注入攻击。

Description (English)

WBiz Desk is an open source worksheet management system for WBiz. Version 1.2 of WBiz Desk has an injection loophole in SQL, which stems from the fact that the tk parameters in ticket.php may have been injected into malicious SQL statements, leading to SQL being injected into the attack.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

Websitem

Published

2025-12-18

Last Modified

2026-02-24

References

https://www.codester.com/items/5641/wbiz-desk-simple-and-effective-help-desk-system https://www.exploit-db.com/exploits/51451 https://www.vulncheck.com/advisories/wbiz-desk-sql-injection-vulnerability-via-ticketphp-parameter