| Max CVSS | 7.5 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-4075 | 6.8 |
The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.
|
16-10-2019 - 19:33 | 20-09-2017 - 16:29 | |
| CVE-2015-4071 | 5.0 |
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.
|
05-10-2017 - 15:39 | 18-08-2017 - 18:29 | |
| CVE-2015-4074 | 5.0 |
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.
|
22-09-2017 - 23:43 | 20-09-2017 - 16:29 | |
| CVE-2015-4072 | 3.5 |
Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.
|
22-09-2017 - 23:42 | 20-09-2017 - 16:29 | |
| CVE-2015-4073 | 7.5 |
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary
|
22-09-2017 - 17:03 | 20-09-2017 - 16:29 |