CVE-2020-13994

Published: Jul 9, 2020Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticated attacker.

Affected (1)

Products: Mods For Hesk: Mods For Hesk

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mods For Hesk Mods For Hesk	From 3.1.0 to 2019.1.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://loca1gh0s7.github.io/MFH-from-XSS-to-RCE-loca1gh0st-exercise/

Source: cve@mitre.org

ExploitThird Party Advisory

https://loca1gh0s7.github.io/MFH-from-XSS-to-RCE-loca1gh0st-exercise/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.