Vulnerability Description
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users by obtaining the target ticketId and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Helpdesk Pro Project | Helpdesk Pro | <= 1.3.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclos (Exploit, Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2015/Jul/102 (Exploit, Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2015/Jul/82 (Exploit, Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/75971 (Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/37666/ (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2015-4071?
CVE-2015-4071 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/h...
How severe is CVE-2015-4071?
CVE-2015-4071 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-4071?
Check the references section above for vendor advisories and patch information. Affected products include: Helpdesk Pro Project Helpdesk Pro.