VYPR
Vendor

Re:Desk

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2020-15487CriSep 30, 2020
    risk 0.64cvss 9.8epss 0.04

    Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() function in the protected/models/Ticket.php file. By modifying the folder GET parameter, it is possible to execute arbitrary SQL statements via a crafted URL. Unauthenticated remote…

  • CVE-2020-15488HigSep 30, 2020
    risk 0.49cvss 7.5epss 0.01

    Re:Desk 2.3 allows insecure file upload.

  • CVE-2020-15849HigSep 30, 2020
    risk 0.47cvss 7.2epss 0.03

    Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's…