Vulnerability Details CVE-2015-4071
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.126
EPSS Ranking 93.6%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html
- http://seclists.org/fulldisclosure/2015/Jul/102
- http://seclists.org/fulldisclosure/2015/Jul/82
- http://www.securityfocus.com/bid/75971
- https://www.exploit-db.com/exploits/37666/
- http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html
- http://seclists.org/fulldisclosure/2015/Jul/102
- http://seclists.org/fulldisclosure/2015/Jul/82
- http://www.securityfocus.com/bid/75971
- https://www.exploit-db.com/exploits/37666/
Products affected by CVE-2015-4071
-
cpe:2.3:a:helpdesk_pro_project:helpdesk_pro:-