Helpdesk Pro Security Vulnerabilities and Issues — Helpdesk Pro CVE List

Lucene search

Helpdesk Pro ProjectHelpdesk Pro

4 matches found

cve•added 2017/08/18 6:29 p.m.•46 views

CVE-2015-4071

The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.

5.3CVSS6.4AI score0.12639EPSS

cve•added 2017/09/20 4:29 p.m.•46 views

CVE-2015-4074

Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.

7.5CVSS7.5AI score0.8582EPSS

cve•added 2017/09/20 4:29 p.m.•38 views

CVE-2015-4073

Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter.

9.8CVSS9.3AI score0.10155EPSS

cve•added 2017/09/20 4:29 p.m.•37 views

CVE-2015-4072

Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.

5.4CVSS6.1AI score0.00444EPSS