27 matches found
CVE-2021-33352
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field...
CVE-2021-33353
Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting...
EUVD-2021-20060
Malware in sbrugna...
EUVD-2021-20058
Malware in sbrugna...
CVE-2021-33351
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field...
CVE-2021-33352
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field...
CVE-2021-33353
Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting...
CVE-2021-33352
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field...
CVE-2021-33351
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field...
CVE-2021-33353
Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting...
Design/Logic Flaw
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field...
Directory traversal
Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting...
Cross site scripting
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field...
CVE-2021-33352
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field...
Wyomind Magento 跨站脚本漏洞
Wyomind Magento is a ticketing system from Wyomind. A security vulnerability exists in Wyomind Help Desk Magento 2 extension version v.1.3.6 and prior versions. An attacker can exploit the vulnerability to elevate privileges via a specially crafted payload in the ticket message field...
CVE-2021-33353
Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting...
CVE-2021-33351
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field...
PT-2023-12205 · Wyomind · Wyomind Help Desk Magento 2 Extension
Name of the Vulnerable Software and Affected Versions: Wyomind Help Desk Magento 2 extension versions 1.3.6 and before Description: The issue allows attackers to escalate privileges via a crafted payload in the ticket message field. This is a Cross Site Scripting vulnerability. Recommendations: F...
CVE-2021-33352
Wyomind Help Desk Magento 2 extension, v1.3.6 and earlier, is affected by a code execution vulnerability triggered by uploading a phar file via the ticket message field. The issue allows arbitrary code execution on the server and is tracked as CVE-2021-33352 with a CVSS v3.1 base score of 9.8 (CR...
CVE-2021-33353
CVE-2021-33353 affects Wyomind Help Desk for Magento 2 (extension version 1.3.6 and earlier). The root cause is a directory traversal vulnerability in the file attachment directory setting, allowing an attacker to execute arbitrary code. The issue is fixed in version 1.3.7. Exploitation details a...