ID CVE-2006-5428
Summary rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request.
References
Vulnerable Configurations
  • cpe:2.3:a:cerberus:cerberus_helpdesk:3.2.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 20-07-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 20598
confirm http://forum.cerberusweb.com/showthread.php?t=7922
secunia 22418
vupen ADV-2006-4089
xf cerberushelpdesk-rpc-information-disclosure(29655)
Last major update 20-07-2017 - 01:33
Published 20-10-2006 - 17:07
Last modified 20-07-2017 - 01:33