VYPR

Helpdesk Pro

by Joomla

CVEs (4)

  • CVE-2015-4073CriSep 20, 2017
    risk 0.67cvss 9.8epss 0.04

    Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the…

  • CVE-2015-4075HigSep 20, 2017
    risk 0.56cvss 8.1epss 0.07

    The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.

  • CVE-2015-4074HigSep 20, 2017
    risk 0.56cvss 7.5epss 0.57

    Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.

  • CVE-2015-4072MedSep 20, 2017
    risk 0.38cvss 5.4epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.