PT-2025-35650

Author: Artem Danilov

Published: 2025-09-03 · Updated: 2025-09-08

CVE-2025-58163

CVSS v3.1: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

FreeScout versions 1.8.185 and earlier

Description:

FreeScout is a help desk and shared inbox built on PHP's Laravel framework. Versions prior to 1.8.186 contain a deserialization-of-untrusted-data issue (CWE-502) that allows an authenticated attacker who knows the application's `APP_KEY` to achieve remote code execution. The vulnerable route is `/help/{mailbox_id}/auth/{customer_id}/{hash}/{timestamp}`: the `customer_id` and `timestamp` parameters are passed to the `decrypt` function in `app/Helper.php` without further validation. That helper relies on Laravel's built-in encryption, whose `decrypt()` unserializes the decrypted plaintext by default. Because Laravel's encryption is authenticated (the ciphertext is protected by an HMAC derived from `APP_KEY`), a payload cannot be forged without the key; with it, an attacker can encrypt an arbitrary serialized PHP object (for example a known Laravel gadget chain) so that `unserialize()` instantiates it and its magic methods execute arbitrary commands.
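The flow described above, as an added example that is not FreeScout's or Laravel's own code: the script re-implements the Laravel 5.x Encrypter payload format (base64 of a JSON object with `iv`, `value` and `mac`; AES-256-CBC plus HMAC-SHA256) so it runs without the framework, then contrasts a handler that unserializes the decrypted parameter with one that decrypts to a string and validates it. The key, the `Gadget` class and every payload are constructed for the demonstration; the gadget only echoes and executes nothing.

```php
<?php
declare(strict_types=1);

// Added example, not FreeScout or Laravel code. Mirrors the Laravel 5.x
// Encrypter format so the script runs stand-alone; key and payloads are constructed.

function laravel_encrypt(string $key, $value, bool $serialize = true): string
{
    $iv = random_bytes(16);
    $plain = $serialize ? serialize($value) : (string) $value;
    $cipher = openssl_encrypt($plain, 'aes-256-cbc', $key, 0, $iv); // base64 ciphertext
    $ivB64 = base64_encode($iv);
    $mac = hash_hmac('sha256', $ivB64 . $cipher, $key);
    return base64_encode(json_encode(['iv' => $ivB64, 'value' => $cipher, 'mac' => $mac]));
}

function laravel_decrypt(string $key, string $payload, bool $unserialize = true)
{
    $json = json_decode(base64_decode($payload, true) ?: '', true);
    if (!is_array($json) || !isset($json['iv'], $json['value'], $json['mac'])) {
        throw new RuntimeException('The payload is invalid.');
    }
    // Authenticated encryption: a payload built without the key is rejected here.
    $expected = hash_hmac('sha256', $json['iv'] . $json['value'], $key);
    if (!hash_equals($expected, $json['mac'])) {
        throw new RuntimeException('The MAC is invalid.');
    }
    $plain = openssl_decrypt($json['value'], 'aes-256-cbc', $key, 0, base64_decode($json['iv']));
    if ($plain === false) {
        throw new RuntimeException('Could not decrypt the data.');
    }
    // Laravel's default: the plaintext goes straight into unserialize().
    return $unserialize ? unserialize($plain) : $plain;
}

// Stand-in for a real gadget chain (phpggc ships Laravel ones): any autoloadable
// class whose magic method has a side effect. This one only echoes.
class Gadget
{
    public $cmd;
    public function __construct(string $cmd) { $this->cmd = $cmd; }
    public function __wakeup(): void { echo "[gadget] would execute: {$this->cmd}\n"; }
}

// Vulnerable pattern: the route parameter is decrypted with unserialize enabled,
// so any object the key holder encrypted gets instantiated before validation.
function vulnerable_customer_id(string $key, string $param)
{
    return laravel_decrypt($key, $param);
}

// Hardened pattern: decrypt to a string (in Laravel: Crypt::decryptString() or
// decrypt($v, false)), then validate the plaintext as the integer it must be.
function hardened_customer_id(string $key, string $param): int
{
    $raw = laravel_decrypt($key, $param, false);
    if (!ctype_digit($raw)) {
        throw new InvalidArgumentException('customer_id must be a positive integer');
    }
    return (int) $raw;
}

$appKey = hash('sha256', 'constructed-demo-app-key', true); // stands in for APP_KEY

// Normal use: an integer customer id round-trips.
var_dump(vulnerable_customer_id($appKey, laravel_encrypt($appKey, 42)));        // int(42)

// Attacker with APP_KEY: encrypt a serialized object instead of an integer.
// __wakeup() fires inside unserialize() before the application sees the value.
$forged = laravel_encrypt($appKey, new Gadget('id > /tmp/pwned'));
vulnerable_customer_id($appKey, $forged);                                       // [gadget] would execute: id > /tmp/pwned

// Same forged payload, hardened handler: MAC is valid, but nothing is unserialized.
try {
    hardened_customer_id($appKey, $forged);
} catch (InvalidArgumentException $e) {
    echo "hardened: {$e->getMessage()}\n";
}
var_dump(hardened_customer_id($appKey, laravel_encrypt($appKey, '42', false))); // int(42)

// Without APP_KEY the attacker cannot produce a valid MAC for any payload.
try {
    laravel_decrypt(random_bytes(32), $forged);
} catch (RuntimeException $e) {
    echo "wrong key: {$e->getMessage()}\n";
}
```

The hardened handler only works if the encrypting side also stops serializing (`Crypt::encryptString()` rather than `encrypt()`), since `encrypt(42)` produces the serialized form `i:42;`, which the integer check rejects; both ends of the link have to change together.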

Recommendations:

Upgrade to FreeScout version 1.8.186 or later. Because exploitation requires knowledge of `APP_KEY`, any suspected prior exposure of the key (for example through a readable `.env` file or a leaked backup) is also a reason to rotate it, independently of the upgrade.

Fix · RCE

Weakness Enumeration:

Deserialization of Untrusted Data (CWE-502)

Related Identifiers

CVE-2025-58163
GHSA-J94W-Q9GJ-C37G

Affected Products

Freescout
Laravel
Php