Description

Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id.

PUBLISHED Reserved 2026-04-16 | Published 2026-04-16 | Updated 2026-04-17 | Assigner mitre




MEDIUM: 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-425 Direct Request ('Forced Browsing')

Product status

Default status: unknown

Any version before 5.6.10: affected

References

github.com/websec/Vision-Helpdesk-Exploit

websec.net/...orized-session-access-67264646bde7fa99ea26446f

cve.org (CVE-2024-58343)

nvd.nist.gov (CVE-2024-58343)
