CVE-2015-4071
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
18/08/2017
Last modified:
20/04/2025
Description
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:helpdesk_pro_project:helpdesk_pro:*:*:*:*:*:joomla\!:*:* | 1.3.0 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html
- http://seclists.org/fulldisclosure/2015/Jul/102
- http://seclists.org/fulldisclosure/2015/Jul/82
- http://www.securityfocus.com/bid/75971
- https://www.exploit-db.com/exploits/37666/
- http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html
- http://seclists.org/fulldisclosure/2015/Jul/102
- http://seclists.org/fulldisclosure/2015/Jul/82
- http://www.securityfocus.com/bid/75971
- https://www.exploit-db.com/exploits/37666/