CVE-2020-11467
HIGHDeskpro < 2019.8.0 - Remote Code Execution via TWIG Template Unserialize
Title source: llmDescription
An issue was discovered in Deskpro before 2019.8.0. This product enables administrators to modify the helpdesk interface by editing /portal/api/style/edit-theme-set/template-sources theme templates, and uses TWIG as its template engine. While direct access to self and _self variables was not permitted, one could abuse the accessible variables in one's context to reach a native unserialize function via the code parameter. There, on could pass a crafted payload to trigger a set of POP gadgets in order to achieve remote code execution.
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro/
Release Notes, Vendor Advisory x_refsource_misc
https://support.deskpro.com/en/news/posts/deskpro-v2019-8-0-released-security-update
Release Notes, Vendor Advisory x_refsource_misc
https://support.deskpro.com/en/news/posts/deskpro-security-update-2019-09
Scores
CVSS v3
7.2
EPSS
0.0399
EPSS Percentile
89.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-502
Status
published
Products (1)
deskpro/deskpro
< 2019.8.0
Published
Apr 01, 2020
Tracked Since
Feb 18, 2026