13 matches found

Source: Vulnrichment, added 2025/11/03 12:00 a.m., 1 view

CVE-2025-63293

FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API...

AI score 6.5, EPSS 0.00058
Exploits 1, References 2
Source: EUVD, added 2025/10/03 8:07 p.m., 1 view

EUVD-2021-29078

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.7, EPSS 0.00302
Exploits 0, References 1
Source: EUVD, added 2025/10/03 8:07 p.m., 1 view

EUVD-2025-26130

Malicious code in bioql PyPI...

CVSS 9.9, AI score 6.5, EPSS 0.0013
Exploits 0, References 3
Source: RedhatCVE, added 2025/08/30 6:18 p.m., 3 views

CVE-2025-58048

Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a malicious authenticated user to upload arbitrary files. This could result in sensitive data extraction from the database, credentials being read...

CVSS 9.9, AI score 7.2, EPSS 0.0013
Exploits 0, References 1
Source: CVE, added 2025/08/28 5:31 p.m., 11 views

CVE-2025-58048

CVE-2025-58048 affects Paymenter before version 1.2.11. The ticket attachments feature lets an authenticated user upload arbitrary files, enabling sensitive data extraction, credentials read from configuration files, and arbitrary commands executed under the web server user. A fix was released in...

CVSS 9.9, AI score 6.7, EPSS 0.0013
Exploits 0, References 3
Source: OSV, added 2025/08/28 5:31 p.m., 1 view

CVE-2025-58048 Paymenter Vulnerable to Remote Code Execution via Public File Uploads

Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a malicious authenticated user to upload arbitrary files. This could result in sensitive data extraction from the database, credentials being read...

CVSS 9.9, AI score 7.1, EPSS 0.0013
Exploits 0, References 5
Source: Positive Technologies, added 2025/08/28 12:00 a.m., 2 views

PT-2025-35120

Name of the Vulnerable Software and Affected Versions: Paymenter versions prior to 1.2.11. Description: Paymenter is a free and open-source webshop solution for hostings. The ticket attachments functionality allows a malicious authenticated user to upload arbitrary files. This could result in...

CVSS 9.9, AI score 6.5, EPSS 0.0013
Exploits 0, References 10
Source: RedhatCVE, added 2025/05/23 2:52 a.m., 4 views

CVE-2023-0357

Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket...

CVSS 6.1, AI score 6, EPSS 0.00785
Exploits 1, References 1
Source: CNNVD, added 2025/02/13 12:00 a.m., 2 views

WordPress plugin JS Help Desk Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure vulnerabili...

CVSS 7.5, AI score 7.9, EPSS 0.00286
Exploits 0, References 2
Source: UbuntuCve, added 2024/01/29 10:15 a.m., 27 views

CVE-2024-23792

When adding attachments to ticket comments, another user can add attachments as well, impersonating the original user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affec...

CVSS 6.5, AI score 6.6, EPSS 0.00133
Exploits 0, References 2
Source: Vulnrichment, added 2023/04/04 12:00 a.m., 6 views

CVE-2023-0357

Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket...

AI score 6.2, EPSS 0.00785
Exploits 1, References 2
Source: OSV, added 2020/12/21 4:15 p.m., 1 view

CVE-2019-16959

SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket...

CVSS 6.5, AI score 6.6, EPSS 0.00943
Exploits 1, References 3
Source: Cvelist, added 2004/06/30 4:00 a.m., 14 views

CVE-2004-0613

osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory...

AI score 7.5, EPSS 0.0678
Exploits 1, References 4