CVE-2020-15487

Name of the Vulnerable Software and Affected Versions Re:Desk version 2.3

Description The issue concerns a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() function. This vulnerability can be exploited by modifying the folder GET parameter in a crafted URL, allowing for the execution of arbitrary SQL statements. As a result, unauthenticated remote command execution is possible by updating specific database values, which are then executed by the eval() function in the CAuthManager.php file. This can lead to authorization bypass, enabling the recovery or modification of password hashes and password reset tokens, and potentially granting administrative privileges.

Recommendations For Re:Desk version 2.3, consider disabling the getBaseCriteria() function until a patch is available. Restrict access to the Ticket.php file and the CAuthManager.php file to minimize the risk of exploitation. Avoid using the folder parameter in crafted URLs until the issue is resolved.