CVE-2020-15849

{"id": "CVE-2020-15849", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2020-09-30T19:15:13.180", "references": [{"url": "https://labs.f-secure.com/advisories/redesk-v2-3-multiple-issues/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.re-desk.com/download-help-desk-software.html", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://labs.f-secure.com/advisories/redesk-v2-3-multiple-issues/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.re-desk.com/download-help-desk-software.html", "tags": ["Product", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for authorization bypass and taking over additional accounts by means of modifying password-reset tokens stored in the database. Remote command execution is also possible by leveraging this to abuse the Yii framework's bizRule functionality, allowing for arbitrary PHP code to be executed by the application. Remote command execution is also possible by using this together with a separate insecure file upload vulnerability (CVE-2020-15488)."}, {"lang": "es", "value": "Re:Desk versi\u00f3n 2.3, presenta una vulnerabilidad de inyecci\u00f3n SQL autenticada ciega en la clase SettingsController, en el m\u00e9todo actionEmailTemplates(). Un actor malicioso con acceso a una cuenta administrativa podr\u00eda abusar de esta vulnerabilidad para recuperar datos confidenciales de la base de datos de la aplicaci\u00f3n, permitiendo omitir la autorizaci\u00f3n y hacerse cargo de cuentas adicionales mediante la modificaci\u00f3n de tokens de restablecimiento de contrase\u00f1a almacenados en la base de datos. Una ejecuci\u00f3n de comandos remota tambi\u00e9n es posible al aprovechar esto para abusar de la funcionalidad bizRule del framework Yii, permitiendo que un c\u00f3digo PHP arbitrario sea ejecutado por la aplicaci\u00f3n. Una ejecuci\u00f3n de comandos remota tambi\u00e9n es posible al usar esto junto con una vulnerabilidad de carga de archivos no segura separada (CVE-2020-15488)"}], "lastModified": "2024-11-21T05:06:18.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:re-desk:re\\:desk:2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34C4228B-7583-4BC3-A0D1-A5E60AF4E874"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}