GCVE - cpe:2.3:a:prestashop:helpdesk:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:prestashop:helpdesk:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Prestashop (`236a7260-6e18-5f0f-b33a-a013be210d8c`)
Product	Helpdesk (`6f90eb97-a939-5b31-9162-a40d4b61651e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-34992`	vulnerable	2026-06-03 14:55:55.451514	Details available SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via 'Tickets::getsearchedtickets()' Published: 2024-06-24T00:00:00.000Z Updated: 2024-08-02T03:07:45.508Z Open on db.gcve.eu Reference links https://security.friendsofpresta.org/modules/2024/06/20/helpdesk.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-34990`	vulnerable	2026-06-03 14:55:55.448991	Details available In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods `HelpdeskHelpdeskModuleFrontController::submitTicket()` and `HelpdeskHelpdeskModuleFrontController::replyTicket()` allow upload of .php files on a predictable path for connected customers. Published: 2024-06-19T00:00:00.000Z Updated: 2024-08-02T03:07:46.480Z Open on db.gcve.eu Reference links https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-06-18-helpdesk.md	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.