CVE-2015-4075

HIGH

Helpdesk Pro < 1.3.0 - Arbitrary File Write via Language Save Task

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-4075. PoCs published by Simon Rawet.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Joomla! Helpdesk Pro < 1.4.0, including SQL injection, XSS, path traversal, and file upload. The PoC provides clear examples of how to exploit these vulnerabilities, including unauthenticated and authenticated attack vectors.

Description

The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.

Exploits (1)

exploitdb WORKING POC
by Simon Rawet · textwebappsphp
https://www.exploit-db.com/exploits/37666

The exploit demonstrates multiple vulnerabilities in Joomla! Helpdesk Pro < 1.4.0, including SQL injection, XSS, path traversal, and file upload. The PoC provides clear examples of how to exploit these vulnerabilities, including unauthenticated and authenticated attack vectors.

Classification
Working Poc 100%
Attack Type
Sqli | Xss | Info Leak | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Joomla! Helpdesk Pro < 1.4.0
No auth needed
Prerequisites: Access to the target Joomla! Helpdesk Pro instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37666/
Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75971
Exploit, Mailing List, Third Party Advisory, VDB Entry mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jul/102

Scores

CVSS v3 8.1
EPSS 0.0738
EPSS Percentile 93.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-74
Status published
Products (1)
helpdeskpro/helpdesk_pro < 1.3.0
Published Sep 20, 2017
Tracked Since Feb 18, 2026