header-logo
Suggest Exploit
vendor:
Cerberus Helpdesk
by:
SecurityFocus
7.5
CVSS
HIGH
Improper Access Validation
287
CWE
Product Name: Cerberus Helpdesk
Affected Version From: 3.2.2001
Affected Version To: 3.2.2001
Patch Exists: NO
Related CWE: N/A
CPE: a:cerberus_helpdesk:cerberus_helpdesk
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Cerberus Helpdesk Improper Access Validation Vulnerability

Cerberus Helpdesk is prone to an unauthorized-access vulnerability because the application fails to authenticate users properly, resulting in an improper-access validation. An attacker can exploit this vulnerability to retrieve other users' arbitrary ticket data. Information obtained can lead to a compromise of other users' confidential information.

Mitigation:

A workaround is available.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/20598/info

Cerberus Helpdesk is prone to an unauthorized-access vulnerability because the application fails to authenticate users properly, resulting in an improper-access validation. A workaround is available.

An attacker can exploit this vulnerability to retrieve other users' arbitrary ticket data. Information obtained can lead to a compromise of other users' confidential information.

Version 3.2.1 is affected by this issue; other versions may be vulnerable as well.

http://www.example.com/rpc.php?cmd=display_get_requesters&id=[ticket#]

Navigation

Suggest Exploit

Services By CQR