Asad Iqbal

**Name of the Vulnerable Software and Affected Versions** Ladybird Web Solution Faveo Helpdesk & Servicedesk (On-Premise and Cloud) version 9.2.0 **Description** An issue in the software allows a remote attacker to execute arbitrary code via the `Subject` and `Identifier` fields. This enables the attacker to perform unauthorized actions on the system. **Recommendations** For Ladybird Web Solution Faveo Helpdesk & Servicedesk (On-Premise and Cloud) version 9.2.0, consider restricting access to the `Subject` and `Identifier` fields until a patch is available. As a temporary workaround, disabling the execution of arbitrary code via these fields can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ladybird Web Solution Faveo-Helpdesk version 2.0.3 **Description** The issue is related to an arbitrary file upload vulnerability in the Ticket Generation function. This allows attackers to execute arbitrary code by uploading crafted files, such as .html or .svg files. **Recommendations** For Ladybird Web Solution Faveo-Helpdesk version 2.0.3, consider disabling the Ticket Generation function until a patch is available to prevent the upload of malicious files. Restrict access to this function to minimize the risk of exploitation. Avoid using the Ticket Generation feature with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.