Skip to main content

Helpdesk CVE-2024-58343

| EUVDEUVD-2024-55551 MEDIUM
Direct Request ('Forced Browsing') (CWE-425)
2026-04-16 mitre GHSA-gqwq-8j5x-ghf8
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

5
PoC Detected
Apr 17, 2026 - 15:38 vuln.today
Public exploit code
Patch released
Apr 17, 2026 - 15:38 nvd
Patch available
Patch available
Apr 16, 2026 - 23:46 EUVD
EUVD ID Assigned
Apr 16, 2026 - 22:45 euvd
EUVD-2024-55551
CVE Published
Apr 16, 2026 - 22:27 nvd
MEDIUM 4.3

DescriptionCVE.org

Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id.

AnalysisAI

Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-425. Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id. Affected products include: Vision Helpdesk. Version information: before 5.7.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-10655 HIGH POC
8.6 Dec 09

SQL injection in Frappe HelpDesk 1.14.0 dashboard functionality allows authenticated attackers to execute arbitrary SQL

CVE-2018-0714 CRITICAL
9.8 Aug 13

Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 buil

CVE-2020-11431 CRITICAL
9.1 May 07

The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remot

CVE-2021-28814 HIGH
8.8 Jun 11

An improper access control vulnerability has been reported to affect QNAP NAS. Rated high severity (CVSS 8.8), this vuln

CVE-2024-50394 HIGH
7.7 Mar 07

An improper certificate validation vulnerability has been reported to affect Helpdesk. Rated high severity (CVSS 7.7), t

CVE-2020-2500 MEDIUM
6.5 Jul 01

This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Rated med

CVE-2026-23758 MEDIUM
6.4 Apr 20

GFI HelpDesk before version 4.99.9 allows authenticated staff members to inject persistent JavaScript into ticket subjec

CVE-2026-23756 MEDIUM
5.1 Apr 20

Stored cross-site scripting in GFI HelpDesk before version 4.99.9 allows authenticated staff members to inject arbitrary

CVE-2026-23757 MEDIUM
5.1 Apr 20

Stored cross-site scripting in GFI HelpDesk before version 4.99.10 allows authenticated attackers to inject arbitrary Ja

CVE-2026-23753 MEDIUM
4.8 Apr 20

GFI HelpDesk before version 4.99.9 contains a stored cross-site scripting vulnerability in language management where the

CVE-2026-23752 MEDIUM
4.8 Apr 20

GFI HelpDesk before version 4.99.9 allows authenticated administrators to inject stored cross-site scripting (XSS) paylo

CVE-2024-27125 MEDIUM
4.8 Sep 06

A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. Rated medium severity (CVSS 4.8), this

Share

CVE-2024-58343 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy