Vulnerability Details: CVE-2006-5428
rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request.
Products affected by CVE-2006-5428
- cpe:2.3:a:cerberus:cerberus_helpdesk:3.2.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-5428
- 4.25%: probability of exploitation activity in the next 30 days
- ~88%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-5428
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
References for CVE-2006-5428
- http://secunia.com/advisories/22418 (About Secunia Research | Flexera; Vendor Advisory)
- http://www.vupen.com/english/advisories/2006/4089
- http://forum.cerberusweb.com/showthread.php?t=7922
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29655 (Cerberus Helpdesk rpc.php information disclosure CVE-2006-5428 Vulnerability Report)
- http://www.securityfocus.com/bid/20598