3 matches found
CVE-2021-33352
Wyomind Help Desk Magento 2 extension, v1.3.6 and earlier, is affected by a code execution vulnerability triggered by uploading a phar file via the ticket message field. The issue allows arbitrary code execution on the server and is tracked as CVE-2021-33352 with a CVSS v3.1 base score of 9.8 (CR...
CVE-2021-33353
CVE-2021-33353 affects Wyomind Help Desk for Magento 2 (extension version 1.3.6 and earlier). The root cause is a directory traversal vulnerability in the file attachment directory setting, allowing an attacker to execute arbitrary code. The issue is fixed in version 1.3.7. Exploitation details a...
CVE-2021-33351
CVE-2021-33351 affects the Wyomind Help Desk Magento 2 extension up to version 1.3.6 (prior to 1.3.7). The vulnerability is a Cross Site Scripting (XSS) issue in the ticket message field that attackers can exploit to escalate privileges. Root cause described in the connected sources points to cra...