← Retour aux CVEs

CVE-2021-43609

CRITICAL

9.9

Description

An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be leveraged to leak local files from the host system, leading to remote code execution (RCE) through deserialization of malicious data.

Details CVE

Score CVSS v3.19.9

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie11/9/2023

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

spiceworks:help_desk_server

Faiblesses (CWE)

CWE-89

References

https://community.spiceworks.com/blogs/help-desk-server-release-notes/3610-1-3-2-1-3-3(cve@mitre.org)

https://github.com/d5sec/CVE-2021-43609-POC(cve@mitre.org)

https://www.linkedin.com/pulse/cve-2021-43609-write-up-division5-security-4lgwe(cve@mitre.org)

https://community.spiceworks.com/blogs/help-desk-server-release-notes/3610-1-3-2-1-3-3(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/d5sec/CVE-2021-43609-POC(af854a3a-2127-422b-91ae-364da2661108)

https://www.linkedin.com/pulse/cve-2021-43609-write-up-division5-security-4lgwe(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.