2 matches found
PT-2020-16450 · Evolution Script · Helpdesk
Name of the Vulnerable Software and Affected Versions: HelpDeskZ version 1.0.2
Description: An issue was discovered in the RememberMe functionality, which is prone to SQL injection. This issue only affects products that are no longer supported by the maintainer.
Recommendations: For HelpDeskZ...
HelpDeskz 1.0.2 Shell Upload
Exploit Title: HelpDeskZ /submitticketcontroller.php - Line 141
$filename = md5($_FILES['attachment']['name'].time()).".".$ext;
So by guessing the time the file was uploaded, we can get RCE.
Steps to reproduce:
http://localhost/helpdeskz/?v=submitticket&action=displayForm
Enter anything in the mandatory...