RSS   Vulnerabilities for 'Mods for hesk'   RSS

2020-07-09
 
CVE-2020-13994

CWE-94
 

 
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticated attacker.

 
 
CVE-2020-13993

CWE-89
 

 
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket.

 
 
CVE-2020-13992

CWE-79
 

 
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket.

 


Copyright 2024, cxsecurity.com

 

Back to Top