CVE-2015-4074

HIGH EXPLOITED NUCLEI

Helpdesk Pro < 1.3.0 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.

Exploits (1)

exploitdb WORKING POC

by Simon Rawet · textwebappsphp

https://www.exploit-db.com/exploits/37666

View Code ZIP pw:eip

Nuclei Templates (1)

Joomla! Helpdesk Pro plugin <1.4.0 - Local File Inclusion

HIGHby 0x_Akoko

References (4)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html

[Exploit, Mailing List, Third Party Advisory, VDB Entry] http://seclists.org/fulldisclosure/2015/Jul/102

[Exploit, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/75971

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/37666/

Scores

CVSS v3 7.5

EPSS 0.8582

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2024-09-19

CWE

CWE-22

Status published

Products (1)

helpdesk_pro_project/helpdesk_pro < 1.3.0

Published Sep 20, 2017

Tracked Since Feb 18, 2026