attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cerberus_helpdesk | Cerberus | 2.0 (including) | 2.0 (including) |
| Cerberus_helpdesk | Cerberus | 2.1 (including) | 2.1 (including) |
| Cerberus_helpdesk | Cerberus | 2.2 (including) | 2.2 (including) |
| Cerberus_helpdesk | Cerberus | 2.3 (including) | 2.3 (including) |
| Cerberus_helpdesk | Cerberus | 2.4 (including) | 2.4 (including) |
| Cerberus_helpdesk | Cerberus | 2.5 (including) | 2.5 (including) |
| Cerberus_helpdesk | Cerberus | 2.6.1 (including) | 2.6.1 (including) |
References
- http://marc.info/?l=full-disclosure\u0026m=113109433413298\u0026w=2
- http://secunia.com/advisories/17431
- http://securitytracker.com/id?1015153
- http://www.osvdb.org/20461
- http://www.securityfocus.com/bid/15315
- http://marc.info/?l=full-disclosure\u0026m=113109433413298\u0026w=2
- http://secunia.com/advisories/17431
- http://securitytracker.com/id?1015153
- http://www.osvdb.org/20461
- http://www.securityfocus.com/bid/15315