PT-2020-14667 · Yii · Yii Framework

Published 2020-09-30 · Updated 2020-10-16 · CVE-2020-15849

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Re:Desk version 2.3

Description: The issue allows a malicious actor with administrative access to exploit a blind authenticated SQL injection vulnerability in the SettingsController class, specifically in the actionEmailTemplates() method. This could lead to the recovery of sensitive data from the application's database, authorization bypass, and the takeover of additional accounts by modifying password-reset tokens. Furthermore, it is possible to achieve remote command execution by abusing the Yii framework's bizRule functionality, which allows arbitrary PHP code to be executed.

Recommendations: For Re:Desk version 2.3, consider disabling the actionEmailTemplates() method in the SettingsController class as a temporary workaround until a patch is available. Restrict access to the bizRule functionality to minimize the risk of remote command execution. Avoid using the vulnerable method until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit: SQL injection

Related Identifiers: CVE-2020-15849

Affected Products: Re:Desk, Yii Framework