Vulnerabilities (CVE)

Filtered by vendor Wyomind Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-33353 1 Wyomind 1 Help Desk 2024-11-21 N/A 9.8 CRITICAL
Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting.
CVE-2021-33352 1 Wyomind 1 Help Desk 2024-11-21 N/A 9.8 CRITICAL
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field.
CVE-2021-33351 1 Wyomind 1 Help Desk 2024-11-21 N/A 9.0 CRITICAL
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field.