Helpdezk

helpdezk

Vendor: Helpdezk • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-3038 1Helpdezk 1Helpdezk Nov 21, 2024 Oct 4, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid route and extract a...Show more SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid route and extract all the information stored in the application.Show less
CVE-2023-3037 1Helpdezk 1Helpdezk Nov 21, 2024 Oct 4, 2023 N/A· v4 8.6 HIGH· v3 N/A· v2 Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonG...Show more Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter.Show less
CVE-2014-8337 1Helpdezk 1Helpdezk Nov 21, 2024 Jan 3, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension,...Show more Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.Show less
CVE-2017-14146 1Helpdezk 1Helpdezk May 13, 2026 Sep 5, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory.
CVE-2017-14145 1Helpdezk 1Helpdezk May 13, 2026 Sep 5, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function.
CVE-2017-7447 1Helpdezk 1Helpdezk May 13, 2026 Apr 5, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code.
CVE-2017-7446 1Helpdezk 1Helpdezk May 13, 2026 Apr 5, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges.