attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cerberus_helpdesk | Cerberus | 2.0 (including) | 2.0 (including) |
| Cerberus_helpdesk | Cerberus | 2.1 (including) | 2.1 (including) |
| Cerberus_helpdesk | Cerberus | 2.2 (including) | 2.2 (including) |
| Cerberus_helpdesk | Cerberus | 2.3 (including) | 2.3 (including) |
| Cerberus_helpdesk | Cerberus | 2.4 (including) | 2.4 (including) |
| Cerberus_helpdesk | Cerberus | 2.5 (including) | 2.5 (including) |
| Cerberus_helpdesk | Cerberus | 2.6.1 (including) | 2.6.1 (including) |