Description
attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter.
Affected products
- Cerberus / cerberus_helpdesk2.0 – 2.0
- Cerberus / cerberus_helpdesk2.1 – 2.1
- Cerberus / cerberus_helpdesk2.2 – 2.2
- Cerberus / cerberus_helpdesk2.3 – 2.3
- Cerberus / cerberus_helpdesk2.4 – 2.4
- Cerberus / cerberus_helpdesk2.5 – 2.5
- Cerberus / cerberus_helpdesk2.6.1 – 2.6.1