Directory traversal

2017-09-2016:29:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.5%

JSON

Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a … (dot dot) in the filename parameter in a ticket.download_attachment task.

CPENameOperatorVersion
helpdesk_prole1.3.0

CPE	Name	Operator	Version
	helpdesk_pro	le	1.3.0

References

packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html

seclists.org/fulldisclosure/2015/Jul/102

www.securityfocus.com/bid/75971

www.exploit-db.com/exploits/37666/