Remote code execution

An issue was discovered in Deskpro before 2019.8.0. This product enables administrators to modify the helpdesk interface by editing /portal/api/style/edit-theme-set/template-sources theme templates, and uses TWIG as its template engine. While direct access to self and self variables was not...

SQL Injection Vulnerability in Qixing Helpdesk kb***_ca***.aspx Interface

Kaixin HelpdeskHelpdesk is a system for dealing with day-to-day issues that helps IT collect the issues it deals with on a daily basis and generate reports to quantify the work. A SQL injection vulnerability exists in the kbca.aspx interface of Qixing Helpdesk, which can be exploited by attackers...