Vulnerability Details CVE-2006-5428
rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.042
EPSS Ranking 88.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://forum.cerberusweb.com/showthread.php?t=7922
- http://secunia.com/advisories/22418
- http://www.securityfocus.com/bid/20598
- http://www.vupen.com/english/advisories/2006/4089
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29655
- http://forum.cerberusweb.com/showthread.php?t=7922
- http://secunia.com/advisories/22418
- http://www.securityfocus.com/bid/20598
- http://www.vupen.com/english/advisories/2006/4089
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29655
Products affected by CVE-2006-5428
-
cpe:2.3:a:cerberus:cerberus_helpdesk:3.2.1