Cromosoft Facil Helpdesk vulnerabilities
2 known vulnerabilities affecting cromosoft/facil_helpdesk.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2009-4543P3MEDIUMCVSS 6.8PoCv2.32010-01-04
CVE-2009-4543 [MEDIUM] CWE-94 CVE-2009-4543: PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Li
PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to execute arbitrary PHP code via a URL in the lng parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
nvd
CVE-2009-4544P4MEDIUMCVSS 4.3PoCv2.32010-01-04
CVE-2009-4544 [MEDIUM] CWE-79 CVE-2009-4544: Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk
Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
nvd