CVE-2023-53935

Publication date

2025-12-18 19:53:32

Family

VulnCheck

State

PUBLISHED

Description

WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the tk parameter in ticket.php. Attackers can inject crafted SQL statements using UNION-based techniques to extract sensitive database information by sending malformed requests to the ticket endpoint.