VID | 210013
Severity | 20
Port | 80, ...
Protocol | TCP
Class | CGI
Detailed Description |
Cerberus HelpDesk is vulnerable to information disclosure via the 'rpc.php' script. Cerberus HelpDesk is web-based email management software written in PHP and MySQL. Version 3.2.1 contains an information disclosure vulnerability caused by improper validation of user-supplied input passed to the 'id' parameter of the 'rpc.php' script. A remote attacker could send a specially crafted URL request to view arbitrary helpdesk tickets in the database.
* References:
  http://forum.cerberusweb.com/showthread.php?t=7922
  http://www.frsirt.com/english/advisories/2006/4089
  http://secunia.com/advisories/22418/
* Platforms Affected: Cerberus HelpDesk version 3.2.1; any operating system, any version |
Recommendation |
Upgrade to the latest version of Cerberus HelpDesk (3.3 or later), available from the Cerberus HelpDesk Download Web site at http://www.cerberusweb.com/ |
Related URL | CVE-2006-5428 (CVE)
Related URL | 20598 (SecurityFocus)
Related URL | 29655 (ISS)
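For sites that ran version 3.2.1 before upgrading, one way to review web server logs for the ticket access described above, as an added example that is not part of the original entry or of Cerberus HelpDesk itself. It assumes Apache combined log format, an `id` value carried in the query string, and a hypothetical threshold of three distinct tickets per client; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample in Apache combined log format; addresses, paths and ids are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [17/Oct/2006:10:01:02 +0000] "GET /helpdesk/rpc.php?id=101 HTTP/1.1" 200 5120 "-" "curl/7.15"
198.51.100.7 - - [17/Oct/2006:10:01:03 +0000] "GET /helpdesk/rpc.php?id=102 HTTP/1.1" 200 4870 "-" "curl/7.15"
198.51.100.7 - - [17/Oct/2006:10:01:03 +0000] "GET /helpdesk/rpc.php?id=103 HTTP/1.1" 200 6011 "-" "curl/7.15"
198.51.100.7 - - [17/Oct/2006:10:01:04 +0000] "GET /helpdesk/rpc.php?id=%31%30%34 HTTP/1.1" 200 3992 "-" "curl/7.15"
203.0.113.20 - - [17/Oct/2006:10:05:00 +0000] "GET /helpdesk/rpc.php?id=200 HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
203.0.113.20 - - [17/Oct/2006:10:06:00 +0000] "GET /helpdesk/rpc.php?id=200 HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
192.0.2.44 - - [17/Oct/2006:10:07:00 +0000] "GET /helpdesk/index.php?id=1 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.44 - - [17/Oct/2006:10:07:01 +0000] "GET /helpdesk/rpc.php?id=5 HTTP/1.1" 403 210 "-" "Mozilla/5.0"
"""

# client, request target and status code from one combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')


def rpc_id_requests(log_text):
    """Yield (client, ticket_id, status) for every request to rpc.php carrying an id."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, target, status = m.groups()
        url = urlsplit(target)
        if url.path.rsplit("/", 1)[-1].lower() != "rpc.php":
            continue
        # parse_qs percent-decodes, so id=%31%30%34 is counted as ticket 104
        for ticket_id in parse_qs(url.query).get("id", []):
            yield client, ticket_id, int(status)


def clients_reading_many_tickets(log_text, max_distinct_ids=3):
    """Map each client to the distinct ticket ids it was served (2xx) via rpc.php,
    keeping only clients above the threshold."""
    seen = defaultdict(set)
    for client, ticket_id, status in rpc_id_requests(log_text):
        if 200 <= status < 300:  # only responses that may have returned ticket data
            seen[client].add(ticket_id)
    return {c: sorted(ids) for c, ids in seen.items() if len(ids) > max_distinct_ids}


if __name__ == "__main__":
    print(clients_reading_many_tickets(SAMPLE_LOG))
```

Tune `max_distinct_ids` to how many tickets a legitimate helpdesk user opens in the reviewed time window.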