Vulnerability Description
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Helpdesk Pro Project | Helpdesk Pro | <= 1.3.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-DisclosExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2015/Jul/102ExploitMailing ListThird Party Advisory
- http://www.securityfocus.com/bid/75971ExploitThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/37666/ExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-DisclosExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2015/Jul/102ExploitMailing ListThird Party Advisory
- http://www.securityfocus.com/bid/75971ExploitThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/37666/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2015-4073?
CVE-2015-4073 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3...
How severe is CVE-2015-4073?
CVE-2015-4073 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2015-4073?
Check the references section above for vendor advisories and patch information. Affected products include: Helpdesk Pro Project Helpdesk Pro.