Vulnerabilities
Vulnerable Software
Helpdesk Pro Project:  Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.
CVSS Score
5.4
EPSS Score
0.004
Published
2017-09-20
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter.
CVSS Score
9.8
EPSS Score
0.102
Published
2017-09-20
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.
CVSS Score
7.5
EPSS Score
0.858
Published
2017-09-20
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.
CVSS Score
5.3
EPSS Score
0.126
Published
2017-08-18


Contact Us

Shodan ® - All rights reserved