Lucene search
K
Helpdesk Pro ProjectHelpdesk Pro

4 matches found

CVE
CVE
added 2017/09/20 4:0 p.m.68 views

CVE-2015-4074

CVE-2015-4074 is a proven Local File Inclusion / path traversal vulnerability in the Joomla! Helpdesk Pro plugin < 1.4.0. The issue allows reading arbitrary files via a .. in the filename parameter of the ticket.download_attachment task. Affected software: Joomla! Helpdesk Pro plugin versions ...

7.5CVSS7.5AI score0.5651EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.59 views

CVE-2015-4071

CVE-2015-4071 affects the Joomla! Helpdesk Pro Plugin prior to version 1.4.0. The vulnerability is an information disclosure: remote attackers can read arbitrary users’ support tickets by obtaining a ticketId and visiting /component/helpdeskpro/?view=ticket&id={ticketId}. Root cause is improper a...

5.3CVSS6.4AI score0.09551EPSS
Web
CVE
CVE
added 2017/09/20 4:0 p.m.55 views

CVE-2015-4073

CVE-2015-4073 refers to SQL injection weaknesses in the Joomla! Helpdesk Pro plugin (before version 1.4.0). The affected component is the Helpdesk Pro Joomla! plugin; the root cause is improper handling of user input in SQL queries, allowing remote attackers to inject arbitrary SQL via (1) ticket...

9.8CVSS9.3AI score0.04212EPSS
CVE
CVE
added 2017/09/20 4:0 p.m.51 views

CVE-2015-4072

CVE-2015-4072 affects the Joomla! Helpdesk Pro plugin prior to version 1.4.0. The vulnerability is described as cross-site scripting (XSS) via input fields related to name and message, allowing remote attackers to inject arbitrary scripts. The root cause is an XSS condition in the plugin’s handli...

5.4CVSS6.1AI score0.02921EPSS