CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 2CVE-2021-43609
https://notcve.org/view.php?id=CVE-2021-43609
An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be leveraged to leak local files from the host system, leading to remote code execution (RCE) through deserialization of malicious data. Se descubrió un problema en Spiceworks Help Desk Server antes de la versión 1.3.3. Una vulnerabilidad de inyección Blind Boolean SQL dentro de la función order_by_for_ticket en app/models/reporting/database_query.rb permite a un atacante autenticado ejecutar comandos SQL arbitrarios a través del parámetro sort. • https://github.com/d5sec/CVE-2021-43609-POC https://community.spiceworks.com/blogs/help-desk-server-release-notes/3610-1-3-2-1-3-3 https://www.linkedin.com/pulse/cve-2021-43609-write-up-division5-security-4lgwe • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 4CVE-2020-25901 – Spiceworks 7.5 - HTTP Header Injection
https://notcve.org/view.php?id=CVE-2020-25901
Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. Una Inyección de Encabezado Host en Spiceworks versión 7.5.7.0, permite al atacante generar enlaces arbitrarios que apuntan hacia un sitio web malicioso con páginas web de encabezado Host envenenadas Spiceworks version 7.5 suffers from an HTTP header injection vulnerability. • https://www.exploit-db.com/exploits/49299 http://packetstormsecurity.com/files/160631/Spiceworks-7.5-HTTP-Header-Injection.html https://frontend.spiceworks.com/topic/2309457-desktop-host-header-injection-vulnerability https://github.com/Ramikan/Vulnerabilities/blob/master/Spiceworks%20version%207.5%20HTTP%20Header%20Injection • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23451
https://notcve.org/view.php?id=CVE-2020-23451
Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function. Spiceworks versiones anteriores a 7.5.00107, está afectada por una vulnerabilidad de tipo CSRF que puede conllevar a una escalada de privilegios por medio de la función "/settings/v1/users" • http://spiceworks.com https://abuyv.com/cve/spiceworks-csrf-via-xss • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23450
https://notcve.org/view.php?id=CVE-2020-23450
Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they displayed on http://127.0.0.1/inventory/groups/ without output sanitization. Spiceworks versiones anteriores a 7.5.00107 incluyéndola, está afectada por una vulnerabilidad de tipo XSS. Cualquier nombre escrito en la función Custom Groups es vulnerable a los ataques de tipo XSS almacenado, ya que son mostrados en http://127.0.0.1/inventory/groups/ sin saneamiento de la salida • http://spiceworks.com https://abuyv.com https://abuyv.com/cve/spiceworks-stored-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6021
https://notcve.org/view.php?id=CVE-2015-6021
Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response. Spiceworks Desktop en versiones anteriores a 01-12-2015 tiene un XSS a través de una respuesta SNMP. • https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •