CVE-2015-4074

Name of the Vulnerable Software and Affected Versions Helpdesk Pro plugin versions prior to 1.4.0

Description The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability. This is achieved by using a .. (dot dot) in the filename parameter within a "ticket.download attachment" task.

Recommendations For versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the ticket.download attachment task to minimize the risk of exploitation.