Unauthorized Access to User Profiles in Vision Helpdesk
CVE-2024-58343

4.3 MEDIUM

Key Information:

Vendor: Vision

Status
Vendor
CVE Published: 16 April 2026

What is CVE-2024-58343?

Vision Helpdesk versions prior to 5.7.0 contain a vulnerability in which attackers can modify serialized cookie data linked to 'vis_client_id'. Because the modified data is accepted, this can lead to unauthorized access to user profiles and expose sensitive user information. The vulnerability underscores the importance of secure session management and of validating cookie data to prevent the exploitation of user sessions. Users are advised to upgrade to version 5.7.0 or later to mitigate this risk.

Affected Version(s)

Helpdesk 0 < 5.6.10

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
