CVE-2024-58343 Vision Helpdesk — Exploit & Vulnerability Details MEDIUM

Parameter	Value
CVSS	4.3 (MEDIUM)
Affected Versions	before 5.7.0
Fixed In	5.6.10
Type	CWE-425 (Direct Request / Forced Browsing)
Vendor	Vision Helpdesk
Public PoC	Yes

Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-425 Direct Request / Forced Browsing

References 2

https://github.com/websec/Vision-Helpdesk-Exploit

cve@mitre.org

https://websec.net/blog/critical-vulnerability-in-vision-helpdesk-allows-unauth…

cve@mitre.org

Menu

CVE-2024-58343

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

CVE Details

Editor's Choice

Menu

CVE-2024-58343

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

CVE Details

Editor's Choice

Stay informed on cybersecurity