
Re-desk Security Vulnerabilities


CVE-2020-15849

Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for....

CVSS: 7.2

AI Score: 7.7

EPSS: 0.001

2020-09-30 07:15 PM

CVE-2020-15488

Re:Desk 2.3 allows insecure file...

CVSS: 7.5

AI Score: 7

EPSS: 0.001

2020-09-30 07:15 PM

CVE-2020-15487

Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() function in the protected/models/Ticket.php file. By modifying the folder GET parameter, it is possible to execute arbitrary SQL statements via a crafted URL. Unauthenticated remote command execution.....

CVSS: 9.8

AI Score: 10

EPSS: 0.001

2020-09-30 06:15 PM