Re-Desk Re vulnerabilities
2 known vulnerabilities affecting re-desk/re.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2020-15487P2CRITICALCVSS 9.8vdesk2020-09-30
CVE-2020-15487 [CRITICAL] CWE-89 CVE-2020-15487: Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() fu
Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() function in the protected/models/Ticket.php file. By modifying the folder GET parameter, it is possible to execute arbitrary SQL statements via a crafted URL. Unauthenticated remote command execution is possible by using this SQL injection to update ce
nvd
CVE-2020-15849P3HIGHCVSS 7.2vdesk2020-09-30
CVE-2020-15849 [HIGH] CVE-2020-15849: Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, i
Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for authorization bypass and taking over additional accounts by me
nvd