69 matches found
CVE-2017-14145
HelpDEZk 1.1.1 has a SQL Injection vulnerability in app/modules/admin/controllers/loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function. The initial records (CVE-2017-14145) enumerate high-severity impact (C/P/I/A partial) with CVSS2/3 scores ...
CVE-2017-14146
CVE-2017-14146 affects HelpDEZk 1.1.1 and enables remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it from the helpdezk\app\uploads\helpdezk\attachments\ directory. The available sources confirm this file-upload vulnerability and PHP code...
HelpDEZk Cross-Site Request Forgery Vulnerability
HelpDEZk is a suite of PHP-based software for managing requests, events. A cross-site request forgery vulnerability exists in admin/home/person/ in HelpDEZk. It allows remote attackers to construct malicious URIs and trick users into parsing them, which can be used to perform malicious actions an...
HelpDEZk Cross-Site Request Forgery Vulnerability (CNVD-2017-04611)
HelpDEZk is a suite of PHP-based software for managing requests, events. A cross-site request forgery vulnerability exists in admin/home/logos/ in HelpDEZk. Allows a remote attacker to construct a malicious URI and trick a user into parsing it, which could perform a malicious action in the contex...
HelpDEZK 1.1.1 - Cross-Site Request Forgery / Code Execution Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Multiple CSRF Remote Code Execution Vulnerability on HelpDEZK 1.1.1 Date: 05-April-2017 Exploit Author: @runggareksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy Vendor Homepage: http://www.helpdezk.org/ Software Link:...
CVE-2017-7447
HelpDEZk 1.1.1 has CSRF in admin/home/logos/ with an impact of remote execution of arbitrary PHP code...
CVE-2017-7446
HelpDEZk 1.1.1 has CSRF in admin/home/person/ with an impact of obtaining admin privileges...
CVE-2017-7447
HelpDEZk 1.1.1 has CSRF in admin/home/logos/ with an impact of remote execution of arbitrary PHP code...
CVE-2017-7446
HelpDEZk 1.1.1 has CSRF in admin/home/person/ with an impact of obtaining admin privileges...
Cross site request forgery (csrf)
HelpDEZk 1.1.1 has CSRF in admin/home/person/ with an impact of obtaining admin privileges...
Code injection
HelpDEZk 1.1.1 has CSRF in admin/home/logos/ with an impact of remote execution of arbitrary PHP code...
CVE-2017-7446
HelpDEZk 1.1.1 has CSRF in admin/home/person/ with an impact of obtaining admin privileges...
CVE-2017-7447
CVE-2017-7447 affects HelpDEZk 1.1.1, with CSRF in the admin path (admin/home#/logos/) that can lead to remote execution of arbitrary PHP code. The vulnerability is documented across multiple sources (NVD/NVD-linked records, CNVD, CVE listings, and exploitation records), and exploit references in...
CVE-2017-7447
HelpDEZk 1.1.1 has CSRF in admin/home/logos/ with an impact of remote execution of arbitrary PHP code...
CVE-2017-7446
HelpDEZk 1.1.1 is affected by a Cross-Site Request Forgery vulnerability in admin/home#/person/ that can lead to admin privileges. The CVE entry, confirmed across multiple sources, notes CSRF as the root cause in HelpDEZk’s web interface, with public exploit coverage (Exploit-DB, PacketStorm) ind...
HelpDEZK 1.1.1 - Cross-Site Request Forgery Code Execution
HelpDEZK 1.1.1 - Cross-Site Request Forgery Code Execution Exploit Title: Multiple CSRF Remote Code Execution Vulnerability on HelpDEZK 1.1.1 Date: 05-April-2017 Exploit Author: @runggareksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy Vendor Homepage: http://www.helpdezk.org/ Software...
HelpDEZK 1.1.1 CSRF / Code Execution
Exploit Title: Multiple CSRF Remote Code Execution Vulnerability on HelpDEZK 1.1.1 Date: 05-April-2017 Exploit Author: @runggareksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy Vendor Homepage: http://www.helpdezk.org/ Software Link: https://codeload.github.com/albandes/helpdezk/zip/v1.1...
HelpDEZK 1.1.1 - Cross-Site Request Forgery / Code Execution
Exploit Title: Multiple CSRF Remote Code Execution Vulnerability on HelpDEZK 1.1.1 Date: 05-April-2017 Exploit Author: @runggareksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy Vendor Homepage: http://www.helpdezk.org/ Software Link: https://codeload.github.com/albandes/helpdezk/zip/v1.1...
HelpDEZk 1.0.1 File Upload
File upload vulnerability in HelpDEZk Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...
HelpDezk 1.0.1 /app/modules/admin/views/upload.php 文件上传漏洞
No description provided by source...