Vision Helpdesk: Unauthenticated User Profile Exposure

CVE-2024-58343
Summary

An attacker can read user profiles by sending modified serialized data in the vis_client_id cookie, which puts user privacy at risk. The issue affects Vision Helpdesk versions before 5.7.0 and is patched in 5.6.10. Update to version 5.6.10 or later to fix it.

Original title and description
Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id.
NVD CVSS 3.1 score: 4.3
Vulnerability type
CWE-425
Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 16 Apr 2026