Vulnerabilities > CVE-2006-5428 - Unspecified vulnerability in Cerberus Helpdesk 3.2.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Cerberus Helpdesk 3.2.1 Rpc.PHP Unauthorized Access Vulnerability. CVE-2006-5428. Webapps exploit for php platform |
id | EDB-ID:28826 |
last seen | 2016-02-03 |
modified | 2006-10-18 |
published | 2006-10-18 |
reporter | jonepet |
source | https://www.exploit-db.com/download/28826/ |
title | Cerberus Helpdesk 3.2.1 Rpc.PHP Unauthorized Access Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | CERBERUS_GUI_RPC_INFO_DISCLOSURE.NASL |
description | The remote host is running Cerberus Helpdesk, a web-based helpdesk suite written in PHP. The installed version of Cerberus Helpdesk on the remote host allows an unauthenticated attacker to retrieve information about ticket requesters through the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22876 |
published | 2006-10-18 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22876 |
title | Cerberus Helpdesk rpc.php Arbitrary Ticket Information Disclosure |
code |
|