Vulnerability Details CVE-2005-4638
index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to obtain the full path via (1) _a and (2) newsid parameters in the news module, (3) downloaditemid parameter in the downloads module, and (4) kbarticleid parameter in the knowledgebase module.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://pridels0.blogspot.com/2005/12/kayako-supportsuite-multiple-vuln.html
- http://www.osvdb.org/22226
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23917
- http://pridels0.blogspot.com/2005/12/kayako-supportsuite-multiple-vuln.html
- http://www.osvdb.org/22226
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23917
Products affected by CVE-2005-4638
-
cpe:2.3:a:kayako:supportsuite:*