Vulnerability Details : CVE-2015-2993

Public exploit exists!
SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry.
Published 2015-06-08 14:59:01
Updated 2025-04-12 10:46:41
Source MITRE
View at NVD,   CVE.org

Products affected by CVE-2015-2993

Exploit prediction scoring system (EPSS) score for CVE-2015-2993

EPSS FAQ
77.00%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2015-2993

  • SysAid Help Desk Administrator Account Creation
    Disclosure Date: 2015-06-03
    First seen: 2020-04-26
    auxiliary/admin/http/sysaid_admin_acct
    This module exploits a vulnerability in SysAid Help Desk that allows an unauthenticated user to create an administrator account. Note that this exploit will only work once. Any subsequent attempts will fail. On the other hand, the credentials must be verified

CVSS scores for CVE-2015-2993

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.5
 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
 NIST

CWE ids for CVE-2015-2993

  • Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-2993

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close