7 matches found
EUVD-2020-2566
Malware in sbrugna...
CVE-2020-26032
An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. This may le...
CVE-2025-32358
In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint returned a redirect response, Zammad would follow it automatically with another GET request. This coul...
CVE-2025-32360
In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged-in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information...
PT-2023-23401 · Zammad · Zammad
Name of the Vulnerable Software and Affected Versions: Zammad version 5.4.0
Description: An issue in the software allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existin...
CVE-2022-48021
A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server...
PT-2022-22867 · Zammad · Zammad
Name of the Vulnerable Software and Affected Versions: Zammad version 5.2.0
Description: The issue allows for privilege escalation. Zammad has a mechanism to prevent brute-force attacks by invalidating users after a configurable number of attempts to guess login credentials. However, an attacker...