CVE-2020-15487

{"id": "CVE-2020-15487", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-09-30T18:15:22.273", "references": [{"url": "https://labs.f-secure.com/advisories/redesk-v2-3-multiple-issues/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.re-desk.com/download-help-desk-software.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://labs.f-secure.com/advisories/redesk-v2-3-multiple-issues/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.re-desk.com/download-help-desk-software.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() function in the protected/models/Ticket.php file. By modifying the folder GET parameter, it is possible to execute arbitrary SQL statements via a crafted URL. Unauthenticated remote command execution is possible by using this SQL injection to update certain database values, which are then executed by a bizRule eval() function in the yii/framework/web/auth/CAuthManager.php file. Resultant authorization bypass is also possible, by recovering or modifying password hashes and password reset tokens, allowing for administrative privileges to be obtained."}, {"lang": "es", "value": "Re:Desk versi\u00f3n 2.3, contiene una vulnerabilidad de inyecci\u00f3n SQL ciega no autenticada en la funci\u00f3n getBaseCriteria() en el archivo protected/models/Ticket.php. Al modificar el par\u00e1metro GET de la carpeta, es posible ejecutar sentencias SQL arbitrarias por medio de una URL dise\u00f1ada. La ejecuci\u00f3n de comandos remotos no autenticados es posible usando esta inyecci\u00f3n SQL para actualizar determinados valores de la base de datos, que luego son ejecutados por una funci\u00f3n eval() de bizRule en el archivo yii/framework/web/auth/CAuthManager.php. La omisi\u00f3n de autorizaci\u00f3n resultante tambi\u00e9n es posible, recuperando o modificando hashes de contrase\u00f1a y tokens de restablecimiento de contrase\u00f1a, permitiendo obtener privilegios administrativos"}], "lastModified": "2024-11-21T05:05:37.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:re-desk:re\\:desk:2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34C4228B-7583-4BC3-A0D1-A5E60AF4E874"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}