52 matches found
CVE-2023-25350
Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When the user logs in through the login box, he has no judgment on the validity of the user's input data. The parameters passed from the front end to the back end are controllable, which will lead to SQL injection...
CVE-2021-40925
CVE-2021-40925 is an XSS vulnerability in dompdf/dompdf/www/demo.php used by infaveo-helpdesk v1.11.0 and earlier. The issue arises from reflecting the $_SERVER["PHP_SELF"] parameter, enabling remote attackers to inject arbitrary script/HTML. Affected component: demo.php in the dompdf/dompdf pack...
Faveo Helpdesk 跨站脚本漏洞
Faveo Helpdesk is an open source ticketing system built by Faveo based on Laravel framework. A cross-site scripting vulnerability in Faveo Helpdesk v1.11.0 and below allows remote attackers to inject arbitrary web script or HTML via the $SERVER"PHPSELF" parameter...
Faveo Cross-Site Request Forgery Vulnerability
Faveo is an open source , based on the Laravel framework of the ticket management system . A cross-site request forgery vulnerability exists in public/rolechangeadmin in Faveo version 1.9.3. A remote attacker can exploit this vulnerability to gain administrator privileges...
CVE-2017-7571
public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges...
Cross site request forgery (csrf)
public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges...
CVE-2017-7571
public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges...
CVE-2017-7571
public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges...
CVE-2017-7571
The CVE-2017-7571 entry concerns Faveo Open Source (ticketing system) version 1.9.3, where a CSRF in public/rolechangeadmin enables privilege escalation to administrator. The vulnerability is described as CSRF leading to admin rights, with public/rolechangeadmin being the affected component and F...
Faveo Helpdesk Community 1.9.3 Cross Site Request Forgery
Exploit Title: CSRF / Privilege Escalation Manipulation of Role Agent to Admin on Faveo version Community 1.9.3 Google Dork: no Date: 05-April-2017 Exploit Author: @runggareksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy Vendor Homepage: http://www.faveohelpdesk.com/ Software Link:...
Faveo Helpdesk Community 1.9.3 - Cross-Site Request Forgery
Faveo Helpdesk Community 1.9.3 - Cross-Site Request Forgery Exploit Title: CSRF / Privilege Escalation Manipulation of Role Agent to Admin on Faveo version Community 1.9.3 Google Dork: no Date: 05-April-2017 Exploit Author: @runggareksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy Vendor...
Faveo Helpdesk Community 1.9.3 - Cross-Site Request Forgery
Exploit Title: CSRF / Privilege Escalation Manipulation of Role Agent to Admin on Faveo version Community 1.9.3 Google Dork: no Date: 05-April-2017 Exploit Author: @runggareksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy Vendor Homepage: http://www.faveohelpdesk.com/ Software Link:...