Vision HelpDesk vulnerabilities

Product Description:

WHMCS Complete Billing and Support

Vision Helpdesk is the only web based Help Desk Software that allows to manage support for multiple companies at one place with single staff portal for all companies and each company having its own client portal.

Recently following vulnerabilities were discovered in Vision Helpdesk:

Various Modules Local File Inclusions

There are various modules within the Vision HelpDesk that suffer from your typical local file inclusion that could lead to a compromise under certain circumstances. Most of the risk would be if the software was installed in a shared hosting environment which is a high probability as it is bundled with the popular Softaculous one-click installer.

User Images Input Validation Failure

Due to an input validation failure, it is possible for a malicious user to remove the profile images belonging to other users without authorization.

Both Vision Helpdesk vulnerabilities were fixed in Vision HelpDesk 4.1.2.

Posted in Security.

Leave a Reply

Your email address will not be published. Required fields are marked *