4 matches found
CVE-2015-4074
CVE-2015-4074 is a proven Local File Inclusion / path traversal vulnerability in the Joomla! Helpdesk Pro plugin < 1.4.0. The issue allows reading arbitrary files via a .. in the filename parameter of the ticket.download_attachment task. Affected software: Joomla! Helpdesk Pro plugin versions ...
CVE-2015-4071
CVE-2015-4071 affects the Joomla! Helpdesk Pro Plugin prior to version 1.4.0. The vulnerability is an information disclosure: remote attackers can read arbitrary users’ support tickets by obtaining a ticketId and visiting /component/helpdeskpro/?view=ticket&id={ticketId}. Root cause is improper a...
CVE-2015-4073
CVE-2015-4073 refers to SQL injection weaknesses in the Joomla! Helpdesk Pro plugin (before version 1.4.0). The affected component is the Helpdesk Pro Joomla! plugin; the root cause is improper handling of user input in SQL queries, allowing remote attackers to inject arbitrary SQL via (1) ticket...
CVE-2015-4072
CVE-2015-4072 affects the Joomla! Helpdesk Pro plugin prior to version 1.4.0. The vulnerability is described as cross-site scripting (XSS) via input fields related to name and message, allowing remote attackers to inject arbitrary scripts. The root cause is an XSS condition in the plugin’s handli...