
Name of the Vulnerable Software and Affected Versions: FreeScout versions 1.8.185 and earlier

Description: FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. The application deserializes data in a way that allows an authenticated attacker who knows the application's APP_KEY to achieve remote code execution. The vulnerability is exploited via the /help/{mailbox id}/auth/{customer id}/{hash}/{timestamp} API endpoint, where the customer id and timestamp parameters are passed through the decrypt function in app/Helper.php without proper validation. The vulnerable code decrypts these values with Laravel's built-in encryption functions, which then unserialize the decrypted payload without sanitization, so an attacker can supply a malicious serialized PHP object that triggers arbitrary command execution.

Recommendations: Update to version 1.8.186 or…
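The following is an added illustration of the pattern the advisory describes, placed beside a hardened form; it is not FreeScout's code or its patch. It assumes a generic Laravel application and hypothetical helper names (resolveCustomerIdUnsafe, resolveCustomerIdSafe, makeCustomerToken, assertFreshTimestamp).

```php
<?php
// Added illustration (not FreeScout's code): the unsafe decrypt-then-unserialize
// pattern next to a hardened version. Assumes a Laravel app whose APP_KEY is
// configured so the Crypt facade and decrypt() helper work.

use Illuminate\Support\Facades\Crypt;
use Illuminate\Contracts\Encryption\DecryptException;

// Unsafe pattern: Laravel's decrypt() helper defaults to $unserialize = true,
// so the decrypted payload goes straight to unserialize(). Anyone who holds
// APP_KEY therefore controls the object graph that gets instantiated.
function resolveCustomerIdUnsafe(string $encrypted)
{
    return decrypt($encrypted); // unserialize() runs on attacker-shaped data
}

// Hardened pattern: decrypt as an opaque string (never unserialize), then
// validate against the only shape the route should accept: a numeric id.
function resolveCustomerIdSafe(string $encrypted): int
{
    try {
        $plain = Crypt::decryptString($encrypted); // no unserialize() at all
    } catch (DecryptException $e) {
        abort(403, 'Invalid auth token');
    }
    if (!ctype_digit($plain)) {
        abort(403, 'Invalid customer id');
    }
    return (int) $plain;
}

// Producer side for the hardened route: encrypt a plain string, not an object,
// so the token format never carries serialized PHP.
function makeCustomerToken(int $customerId): string
{
    return Crypt::encryptString((string) $customerId);
}

// The timestamp segment gets the same treatment: string decrypt, strict
// numeric check, and a bounded validity window so a leaked link expires.
function assertFreshTimestamp(string $encrypted, int $maxAgeSeconds = 3600): void
{
    try {
        $plain = Crypt::decryptString($encrypted);
    } catch (DecryptException $e) {
        abort(403, 'Invalid auth link');
    }
    if (!ctype_digit($plain) || time() - (int) $plain > $maxAgeSeconds) {
        abort(403, 'Expired auth link');
    }
}
```

For detection, a request to this route whose decrypted segments are anything other than short digit strings is a strong signal worth alerting on, independent of whether the key has leaked.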