Description
Helpdesk Software Hesk allows remote attackers to bypass authentication for (1) admin.php and (2) admin_main.php by modifying the PHPSESSID session ID parameter or cookie.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Rajesh Sethumadhavan · textwebappsphp
https://www.exploit-db.com/exploits/26285
References (5)
Core 5
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/1792
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112724743530521&w=2
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/14879
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16859
Patch x_refsource_confirm
http://www.phpjunkyard.com/extras/hesk_0931_patch.zip
Scores
EPSS
0.0861
EPSS Percentile
92.5%
Details
Status
published
Products (2)
helpdesk_software/hesk
0.92
helpdesk_software/hesk
0.93
Published
Sep 21, 2005
Tracked Since
Feb 18, 2026