5 matches found
CVE-2020-15488
Re:Desk 2.3 allows insecure file upload...
CVE-2020-15488
Re:Desk 2.3 allows insecure file upload...
CVE-2020-15488
Re:Desk 2.3 allows insecure file upload...
Sql injection
Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for...
CVE-2020-15488
CVE-2020-15488 affects Re:Desk 2.3 and is described as an insecure file upload vulnerability. Public records note this CVE with an NVD entry (NVD: CVE-2020-15488) and related references; associated scores indicate CVSS v2 base 5.0 (Medium) and CVSS v3.1 base 7.5 (High) with network access and low...