ReadyDesk, version 9.1 and possibly others, contains SQL injection, path traversal, hard-coded cryptographic key, and arbitrary file upload vulnerabilities that may be leveraged to expose sensitive data and execute arbitrary code in the context of the vulnerable software.
ReadyDesk is a help desk ticketing web application designed to support both internal business and business-to-customer support interactions.
CWE-89: Improper Neutralization of Special Elements used in a SQL Command ('SQL Injection') - CVE-2016-5048
A remote, unauthenticated attacker can obtain sensitive database information, read arbitrary files, and execute arbitrary code in the context of the vulnerable software.
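The following is an added illustration of the CWE-89 class named above, written for this note; it is not ReadyDesk's code, and the table names, sample rows, payload, and the lookup_ticket_vulnerable / lookup_ticket_fixed functions are all assumptions constructed for the example. It shows how a ticket lookup that concatenates an unauthenticated request parameter into a query lets a UNION payload read rows from an unrelated table (here, credential hashes), and how the same lookup behaves once the input is type-checked and bound as a parameter.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory help desk schema (not ReadyDesk's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE tickets (id INTEGER PRIMARY KEY, subject TEXT, body TEXT);
        CREATE TABLE users   (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO tickets VALUES (1, 'Printer offline', 'Printer on floor 2 is down');
        INSERT INTO tickets VALUES (2, 'VPN issue', 'Cannot connect from home');
        -- constructed sample credential row; the hash value is arbitrary test data
        INSERT INTO users VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99');
        """
    )
    return conn


def lookup_ticket_vulnerable(conn, ticket_id):
    """CWE-89: the request parameter is spliced into the SQL text and is parsed as SQL."""
    sql = "SELECT id, subject, body FROM tickets WHERE id = " + ticket_id
    return conn.execute(sql).fetchall()


def lookup_ticket_fixed(conn, ticket_id):
    """Hardened form: reject non-numeric input, then bind the value as a parameter.

    With binding, the database driver never treats the value as query syntax,
    so a UNION or comment sequence in the input cannot change the statement.
    """
    if not ticket_id.isdigit():
        raise ValueError("ticket id must be numeric")
    return conn.execute(
        "SELECT id, subject, body FROM tickets WHERE id = ?", (int(ticket_id),)
    ).fetchall()


# Constructed attacker input: an id that matches no ticket, followed by a
# UNION that pulls three columns from the users table to match the SELECT list.
UNION_PAYLOAD = "0 UNION SELECT id, username, password_hash FROM users"


def fixed_rejects_payload(payload):
    """Return True if the hardened lookup refuses the payload instead of running it."""
    try:
        lookup_ticket_fixed(make_db(), payload)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("legitimate lookup:", lookup_ticket_vulnerable(db, "1"))
    print("injected lookup:  ", lookup_ticket_vulnerable(db, UNION_PAYLOAD))
    print("fixed lookup rejects payload:", fixed_rejects_payload(UNION_PAYLOAD))
```

The vulnerable path returns the admin row from the users table for a request that was supposed to fetch a ticket, which is the "obtain sensitive database information" outcome described above; the hardened path returns the same legitimate ticket for a valid id and refuses the payload before any query runs.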
The CERT/CC is currently unaware of a practical solution to these problems. A vendor advisory for version 9.2 states that it contains "Critical Security Updates," though details are not provided and it is unknown whether any of the vulnerabilities described above are addressed.
Thanks to Andrew Tierney of Pen Test Partners for reporting these vulnerabilities.
This document was written by Joel Land.