Information Disclosure in Cerberus Helpdesk 3.2.1
CVE-2006-5428

Currently unrated

Key Information:

Vendor: Cerberus
Status: Cerberus Helpdesk
Vendor: CVE Published:; 20 October 2006

What is CVE-2006-5428?

The rpc.php component in Cerberus Helpdesk 3.2.1 presents a security flaw that fails to validate a client's privileges during a display_get_requesters operation. This oversight enables remote attackers to bypass the graphical user interface (GUI) login, allowing them to directly access and extract sensitive information related to ticket data without authorization.

References

http://forum.cerberusweb.com/showthread.php?t=7922

x_refsource_CONFIRM

http://secunia.com/advisories/22418

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2006/4089

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2006
Vulnerability Reserved
Oct 20, 2006

CVE-2006-5428 Data

JSON