VID |
21811 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
Cerberus Support Center versions prior to 3.2.0pr2 contain multiple vulnerabilities. Cerberus Support Center is a customer-facing interface for web-based email management software, written in PHP and MySQL. The vulnerabilities are caused by improper validation of user-supplied input passed to the 'kb_ask' parameter of the 'index.php' script and the 'file_id' parameter of the 'attachment_send.php' script. A remote attacker could exploit them to conduct SQL injection and cross-site scripting attacks and disclose sensitive information.
* References:
  http://forum.cerberusweb.com/showthread.php?s=&postid=30315
  http://www.cerberusweb.com/devblog/?p=56
  http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0949.html
  http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040324.html
* Platforms Affected: Cerberus Support Center versions prior to 3.2.0pr2; any operating system, any version |
Recommendation |
Upgrade to the latest version of Cerberus Support Center (3.2.0pr2 or later), available from the Cerberus Support Center Download Web site at http://www.cerberusweb.com/download/archives |
Related URL |
CVE-2005-4427,CVE-2005-4428 (CVE) |
Related URL |
16062 (SecurityFocus) |
Related URL |
23834,23836 (ISS) |
|