2 matches found
CVE-2020-14942
Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py...
CVE-2020-14942
Tendenci 15.3.11 and earlier contains a critical deserialization vulnerability in the Helpdesk module (staff.py) where an authenticated user with Staff security level can trigger Remote Code Execution via pickle.loads in run_report(); ticket_list() uses safe JSON deserialization. This is a conseq...