Hesk versions 0.93 and prior are vulnerable to authentication bypass and path disclosure vulnerabilities caused due to improper validation of the HTTP header. This vulnerability can be exploited to bypass authentication mechanism, and also made to reveal system specific information.
2645a4a964c584ad640884d537dd3c2209e0231c8e3f12c7579589f38c74c645