Arbitrary User Ticket Disclosure in Helpdesk Pro Plugin for Joomla!
CVE-2015-4071 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.
Learn more about our User Device Pen Test.