Описание
An issue was discovered in Deskpro before 2019.8.0. This product enables administrators to modify the helpdesk interface by editing /portal/api/style/edit-theme-set/template-sources theme templates, and uses TWIG as its template engine. While direct access to self and _self variables was not permitted, one could abuse the accessible variables in one's context to reach a native unserialize function via the code parameter. There, on could pass a crafted payload to trigger a set of POP gadgets in order to achieve remote code execution.
Ссылки
- ExploitThird Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- ExploitThird Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
EPSS
9.1 Critical
CVSS3
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered in Deskpro before 2019.8.0. This product enables administrators to modify the helpdesk interface by editing /portal/api/style/edit-theme-set/template-sources theme templates, and uses TWIG as its template engine. While direct access to self and _self variables was not permitted, one could abuse the accessible variables in one's context to reach a native unserialize function via the code parameter. There, on could pass a crafted payload to trigger a set of POP gadgets in order to achieve remote code execution.
EPSS
9.1 Critical
CVSS3
7.2 High
CVSS3
6.5 Medium
CVSS2