Local File Inclusion Vulnerability in JoomSky JS Help Desk
CVE-2025-30901

8.1HIGH

Key Information:

Vendor: Joomsky
Status: Js Help Desk
Vendor: CVE Published:; 1 April 2025

Summary

The JoomSky JS Help Desk software is impacted by a local file inclusion vulnerability due to improper control of the filename for include/require statements in PHP. This flaw allows attackers to exploit the application, potentially leading to unauthorized access to sensitive files on the server. The issue is present in versions up to 2.9.2, making it crucial for users to apply any available patches and updates to safeguard against potential exploits.

Affected Version(s)

JS Help Desk <= 2.9.2

References

https://patchstack.com/database/wordpress/plugin/js-suppo...

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)