CVE-2005-3502

UNRATEDJSON export Create alert

Description

attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter.

Affected products

Cerberus / cerberus_helpdesk2.0 – 2.0
Cerberus / cerberus_helpdesk2.1 – 2.1
Cerberus / cerberus_helpdesk2.2 – 2.2
Cerberus / cerberus_helpdesk2.3 – 2.3
Cerberus / cerberus_helpdesk2.4 – 2.4
Cerberus / cerberus_helpdesk2.5 – 2.5
Cerberus / cerberus_helpdesk2.6.1 – 2.6.1

References

VENDOR_ADVISORYhttp://secunia.com/advisories/17431
MISChttp://securitytracker.com/id?1015153
MISChttp://www.securityfocus.com/bid/15315
MISChttp://www.osvdb.org/20461
MAILING_LISThttp://marc.info/?l=full-disclosure&m=113109433413298&w=2