CVE-2015-4073

CRITICAL

Helpdesk Pro < 1.3.0 - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter.

Exploits (1)

exploitdb WORKING POC

by Simon Rawet · textwebappsphp

https://www.exploit-db.com/exploits/37666

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html

[Exploit, Mailing List, Third Party Advisory, VDB Entry] http://seclists.org/fulldisclosure/2015/Jul/102

[Exploit, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/75971

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/37666/

Scores

CVSS v3 9.8

EPSS 0.1016

EPSS Percentile 93.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

helpdesk_pro_project/helpdesk_pro < 1.3.0

Published Sep 20, 2017

Tracked Since Feb 18, 2026