Arbitrary User Ticket Disclosure in Helpdesk Pro Plugin for Joomla!

CVE-2015-4071 · MEDIUM Severity

AV:N/AC:L/Au:N/C:P/I:N/A:N

The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users by obtaining the target ticketId and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.
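
Detection logic for the access pattern described above, as an added example that is not part of the original advisory or the plugin's code: it scans web-server access logs for the ticket-view URL and flags clients that successfully loaded several distinct ticket ids. The log format, the sample lines and the threshold of 3 are assumptions to tune per site.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (common log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jun/2015:10:00:01 +0000] "GET /component/helpdeskpro/?view=ticket&id=101 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jun/2015:10:00:02 +0000] "GET /component/helpdeskpro/?view=ticket&id=102 HTTP/1.1" 200 4811
203.0.113.7 - - [01/Jun/2015:10:00:03 +0000] "GET /component/helpdeskpro/?view=ticket&id=103 HTTP/1.1" 200 5307
198.51.100.20 - - [01/Jun/2015:10:05:10 +0000] "GET /component/helpdeskpro/?view=ticket&id=57 HTTP/1.1" 200 4920
198.51.100.20 - - [01/Jun/2015:10:06:44 +0000] "GET /component/helpdeskpro/?view=ticket&id=57 HTTP/1.1" 200 4920
198.51.100.20 - - [01/Jun/2015:10:07:02 +0000] "GET /index.php HTTP/1.1" 200 9001
192.0.2.5 - - [01/Jun/2015:10:09:30 +0000] "GET /component/helpdeskpro/?view=ticket HTTP/1.1" 404 310
"""

# client ip, request target and status code from one log line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3})\b')


def ticket_views(log_text):
    """Yield (client_ip, ticket_id, status) for each Helpdesk Pro ticket-view request."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        parts = urlsplit(target)
        # Also matches Joomla! installs that live in a sub-directory.
        if not parts.path.rstrip("/").endswith("/component/helpdeskpro"):
            continue
        query = parse_qs(parts.query)
        if query.get("view") != ["ticket"] or len(query.get("id", [])) != 1:
            continue
        yield ip, query["id"][0], status


def flag_enumeration(log_text, threshold=3):
    """Return {ip: sorted ticket ids} for clients that got HTTP 200 on at
    least `threshold` distinct tickets (threshold is an assumed heuristic)."""
    seen = defaultdict(set)
    for ip, ticket_id, status in ticket_views(log_text):
        if status == 200:
            seen[ip].add(ticket_id)
    return {ip: sorted(ids) for ip, ids in seen.items() if len(ids) >= threshold}


if __name__ == "__main__":
    for ip, ids in flag_enumeration(SAMPLE_LOG).items():
        print(f"{ip} viewed {len(ids)} distinct tickets: {', '.join(ids)}")
```

Support staff and users with many tickets of their own will also exceed a low threshold, so hits are leads to correlate with the authenticated session, not verdicts.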
