VYPR

Vision Helpdesk

by Vision Helpdesk

CVEs (2)

  • CVE-2025-32993MedApr 15, 2025
    risk 0.42cvss 6.5epss 0.00

    Vision Helpdesk through 5.7.0 allows Time-Based Blind SQL injection via the Forgot Password (aka index.php?/home/forgot-password) vis_username parameter. Authentication is not needed.

  • CVE-2024-58343MedApr 16, 2026
    risk 0.28cvss 4.3epss 0.00

    Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id.