cbcvebase.

Helpdesk Pro Project Helpdesk Pro vulnerabilities

4 known vulnerabilities affecting helpdesk_pro_project/helpdesk_pro.

Total CVEs
4
CISA KEV
0
Public exploits
4
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2015-4074P1HIGHCVSS 7.5ExploitedPoC≤ 1.3.02017-09-20
CVE-2015-4074 [HIGH] CWE-22 CVE-2015-4074: Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.
nvd
CVE-2015-4073P2CRITICALCVSS 9.8PoC≤ 1.3.02017-09-20
CVE-2015-4073 [CRITICAL] CWE-89 CVE-2015-4073: Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow rem Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter.
nvd
CVE-2015-4071P3MEDIUMCVSS 5.3PoC≤ 1.3.02017-08-18
CVE-2015-4071 [MEDIUM] CWE-200 CVE-2015-4071: The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.
nvd
CVE-2015-4072P4MEDIUMCVSS 5.4PoC≤ 1.3.02017-09-20
CVE-2015-4072 [MEDIUM] CWE-79 CVE-2015-4072: Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joom Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.
nvd
Helpdesk Pro Project Helpdesk Pro vulnerabilities | cvebase