CVE-2015-4071

MEDIUM

Helpdesk Pro < 1.3.0 - Information Disclosure

Title source: rule

Description

The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.

Exploits (1)

exploitdb WORKING POC

by Simon Rawet · textwebappsphp

https://www.exploit-db.com/exploits/37666

View Code ZIP pw:eip

References (5)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2015/Jul/102

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2015/Jul/82

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/75971

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/37666/

Scores

CVSS v3 5.3

EPSS 0.1264

EPSS Percentile 93.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-200

Status published

Products (2)

helpdesk_pro_project/helpdesk_pro < 1.3.0

n/a/n/a

Published Aug 18, 2017

Tracked Since Feb 18, 2026